0756b78b505922fc52ec70c08032789b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0756b78b505922fc52ec70c08032789b
Size

28KB
MD5

0756b78b505922fc52ec70c08032789b
SHA1

db6df9b377861dbbc027a8bd273ea13ca29d6ab3
SHA256

13eb274eb24dece9ef29e403feb26f005c04e2c29e58e2e8824f17cb2fe0b3fa
SHA512

fd63633bf600741a81836494f79a008c82136d8cbe0f5a37228e1a64ec78872f80384482bee0d42afc3cd1e024a3c031f2221132f6db65f57224e24fb99e890c
SSDEEP

96:+vlhCC6bAexRoaoN8mgsaBmnvl6PiN0f5LkYXyMsoZb4rpi2p4Ng0Q9lNuu62S:6lhz8RyGVL2vqRf5rXyEmrpipG0Ubl0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0756b78b505922fc52ec70c08032789b

Files

0756b78b505922fc52ec70c08032789b
.dll windows:4 windows x86 arch:x86

509d9d9cf8a1c4c65ea5f7d687fbfcd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord939
ord4278
ord858
ord2818
ord860
ord537
ord2764
ord540
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strstr
__CxxFrameHandler

kernel32

GetModuleFileNameA
CloseHandle
OpenProcess
GetCurrentProcessId
WriteProcessMemory
ReadProcessMemory
Sleep
ReadFile
SetFilePointer
GetFileSize
CreateFileA
CreateThread

user32

UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx

ws2_32

recv
closesocket
send
connect
htons
socket
gethostbyname
WSAStartup

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ