1d5d1c3b00ca94d0a26a3e15d7f97eb5 | Triage

Sharing

General

Target

1d5d1c3b00ca94d0a26a3e15d7f97eb5
Size

14KB
MD5

1d5d1c3b00ca94d0a26a3e15d7f97eb5
SHA1

ff672f59881d82cf245f004e9d3a62c1cd27df0a
SHA256

f6c28e7e9dc73f0f59db78875a65bc5fb621256ed9aeee398a82c52acbe12122
SHA512

4b5b5be26195ae5411fb6f0d4de7c84ea1dbcf90c6643cc92b911717612804a190c74de2517b67155094ca57ceaa8d217e8fe14e54960855383bfb6c6ed7e81d
SSDEEP

192:9chmsojhLxh3L+BAiQJ15lByjgjUVkDwWnshznUbPyons2++qOy1:CmsojhLxh3L4Qz5XyEUO7eUDbHnqO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d5d1c3b00ca94d0a26a3e15d7f97eb5

Files

1d5d1c3b00ca94d0a26a3e15d7f97eb5
.dll windows:4 windows x86 arch:x86

45a9abebbee270fed29c8d938698dd2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

accept
htonl
bind
listen
ntohs
__WSAFDIsSet
socket
WSAGetLastError
htons
connect
send
select
recv
setsockopt
shutdown
closesocket
WSAStartup
gethostname
gethostbyname
inet_addr
ioctlsocket

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

kernel32

WinExec
GetLastError
OpenMutexA
CloseHandle
CreateMutexA
GetTickCount
Sleep
WaitForSingleObject
ReleaseMutex
GetSystemDirectoryA

user32

TranslateMessage
DispatchMessageA
GetMessageA

msvcr71

strstr
memcpy
malloc
fread
free
sscanf
strcat
printf
strcmp
_exit
atoi
fwrite
fopen
fgets
fclose
fseek
ftell
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__dllonexit
_onexit
vsprintf
_unlink
strncmp
time
srand
sprintf
_beginthread
rand
strcpy
memset
strlen

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ