0241864704fe13b5ec0f3c68b74bfd9b | Triage

Sharing

General

Target

0241864704fe13b5ec0f3c68b74bfd9b
Size

17KB
MD5

0241864704fe13b5ec0f3c68b74bfd9b
SHA1

80c3834712cdfe525ebca671f82d26e956210c28
SHA256

33e22c9a8fcabf0f9b5487aa03aa41480152335f5b7a11ed99f8545db99d9761
SHA512

bb66bf0a27e18dce68fa3051d42d5f4a0905f4d32606fb7a26bc2f1ec728bd79067d701e1173aba7e74681137c824cc1db54c7644097b81e361cebf13f227da9
SSDEEP

384:rSjGkgbQ8WOYz04UuBBQARQklUyZAAAa:r6g3Yz3BBQARQkhC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0241864704fe13b5ec0f3c68b74bfd9b

Files

0241864704fe13b5ec0f3c68b74bfd9b
.dll windows:4 windows x86 arch:x86

ce7015b2327011c7742e245d81dc8dee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

ReadFile
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetLocalTime
IsBadReadPtr
GetPrivateProfileStringA
lstrcpyA
lstrcmpiA
lstrcmpA
WriteFile
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
EnterCriticalSection
VirtualProtectEx
lstrcatA
lstrlenA
CreateThread
DeleteCriticalSection
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

GetVerifyCodePrivate
ServiceRouteExA
StartServiceEx
StopServiceEx
g_hModule

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ