05a8b74cbbac9f22bd133cb75b4de742 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05a8b74cbbac9f22bd133cb75b4de742
Size

16KB
MD5

05a8b74cbbac9f22bd133cb75b4de742
SHA1

dda0665e5de9fd5cb581dd5ba6f79fd9945f6d39
SHA256

9d2e51971cbc56c8b7e3402a960c4b4310bd8719801b435752df3a12a3c7aede
SHA512

a90ae33be55ffcbefd826cf0d4a2c80b32be1090465b84836938665f94e14cc219398ac62d84a41a2ca7e3db74054643c262ecc56f828cf970305a5b87ac6fdb
SSDEEP

384:/HZ/XwTJMrE0wwdN3zVgfGuBBQARQkLq5MqJLwF:/HZvQnwdXg5BBQARQkml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05a8b74cbbac9f22bd133cb75b4de742

Files

05a8b74cbbac9f22bd133cb75b4de742
.dll windows:4 windows x86 arch:x86

0080d1062b64769398227d1024ff78f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_strupr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

LoadLibraryA
GetSystemDirectoryA
GetPrivateProfileStringA
CreateThread
lstrlenA
WritePrivateProfileStringA
IsBadReadPtr
ExitProcess
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcatA
ReadFile
VirtualProtectEx
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ