04bc99351f458986634bf27f5dbe80b1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04bc99351f458986634bf27f5dbe80b1
Size

28KB
MD5

04bc99351f458986634bf27f5dbe80b1
SHA1

10328da01ed8d6d4e3963151e39d21c6d6309b07
SHA256

9578119966b2f0bcef8224e499a0a939ac0a1b9ea2285510c0eb8c3e19da51a5
SHA512

839048f82b08c08250b03c6fc924abefb485b084e1efdc33940f91e987126c5a0c5ce68896d7fafd437d0b92b3fc015da71468418f6b98ae7b197087966cfb69
SSDEEP

192:YsGLBKvXJUPpoBg+SpN6GxBcf+QgagR1HJsJxKVF0VEP2RFWPEXBEC3tPDym4yCk:YsGLMvi8XS76Gxt1p+MVHib33ACWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04bc99351f458986634bf27f5dbe80b1

Files

04bc99351f458986634bf27f5dbe80b1
.dll windows:4 windows x86 arch:x86

95209f32ef77ab6bc822f8ca9a926301

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetLastError
WriteProcessMemory
VirtualProtectEx
MultiByteToWideChar
ReadProcessMemory
WaitForSingleObject
Sleep
CreateThread
CloseHandle
ReadFile
CreateFileA
GetSystemDirectoryA
WideCharToMultiByte
GetCurrentProcess
VirtualProtect
TerminateProcess
SetEvent
WriteFile
lstrcpyA
CreateEventA
OpenProcess
GetCurrentProcessId
CreateMutexA
HeapFree
GetProcessHeap
HeapAlloc

ws2_32

bind
htons
closesocket
listen
__WSAFDIsSet
select
accept
gethostbyname
inet_addr
inet_ntoa
ntohs
recv
connect
send
WSAGetLastError
socket

user32

IsCharAlphaNumericA
wvsprintfA
wsprintfA

Exports

Exports

ApplicationConnect
ApplicationEntry
ApplicationNotify
ApplicationRecv
ApplicationSend

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ