1dfedcf2c37631739599fcc736e4572d

General

Target

1dfedcf2c37631739599fcc736e4572d
Size

16KB
MD5

1dfedcf2c37631739599fcc736e4572d
SHA1

fe6f235f670f2da161056ff4dc50a1b0585430aa
SHA256

8c70c9c6060cc4eb98470705bc193e66f49c41f806eb1a38afdf3b7b12abea14
SHA512

64162f9ddb84d56bd02c7a392169764f357524f9d4ab4c85b0fcaa1758c49d20dfa9026aa091e53bf0a7d42d42d73efdd6d25f9e91dd33c3749ac3b64cd24e88
SSDEEP

192:Pp4DCs7GuWS50ZNOp6XKPjI+idSDbFiWF3uBBQ6PRQk/2Wrexh4/P:haCvuWSGfpxwJuBBQARQkhrexa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1dfedcf2c37631739599fcc736e4572d

Files

1dfedcf2c37631739599fcc736e4572d
.dll windows:4 windows x86 arch:x86

5826f2682b3e5d337aca2ca965aabaef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
closesocket

ntdll

memcpy
memcmp
strlen
_strupr
strstr
RtlZeroMemory

kernel32

lstrlenA
TerminateThread
SystemTimeToFileTime
Sleep
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
GetLocalTime
GetCurrentProcessId
lstrcmpA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
lstrcatA
EnterCriticalSection
CreateThread
DeleteCriticalSection
WaitForSingleObject

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
KillTimer
SetTimer

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5826f2682b3e5d337aca2ca965aabaef

Headers

File Characteristics

Imports

ws2_32

ntdll

kernel32

user32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.bss Size: - Virtual size: 4B

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 584B

.text
Size: 9KB - Virtual size: 9KB

.bss
Size: - Virtual size: 4B

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 584B