02de91c28f0fa00a2e69d24bf9f6a09a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02de91c28f0fa00a2e69d24bf9f6a09a
Size

16KB
MD5

02de91c28f0fa00a2e69d24bf9f6a09a
SHA1

283b9266d19364ee376bc5e8725c817bce6ae5b4
SHA256

475b1900cfdd73be3501776d805cc45f938087b917165a64de2c38abe5f28d54
SHA512

644f9f8fe83ddd13257cdbe6fb548928d2f347e450b55100e9940f2739d76783b47efc32993d7d568f0dba5fe9576cd0bbdc7b79d0896665e1a1f02f2065db1e
SSDEEP

192:6PPsM2GXA9JdEcewrI0m1YbhqXeFvutXuBBQ6PRQkFKCi8v6gxbN:60MfXKcgrI0fNqhuBBQARQkji8y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02de91c28f0fa00a2e69d24bf9f6a09a

Files

02de91c28f0fa00a2e69d24bf9f6a09a
.dll windows:4 windows x86 arch:x86

3938b9d381eb00c515b28dbc10a0fdff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalFree
lstrlenA
lstrcatA
VirtualProtectEx
ReadFile
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
MultiByteToWideChar
LoadLibraryA
CreateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ