1eec61a65efa13afa06da8713bbca844 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1eec61a65efa13afa06da8713bbca844
Size

17KB
MD5

1eec61a65efa13afa06da8713bbca844
SHA1

6e62f4d81a01476896e6e5907f6930484bb6e5ad
SHA256

2bb49d3d7fea64b499dd3331e2659977c134bc4fd6dc8a9a390527cc8672d86a
SHA512

8ecb4705e6fac964a5726b4e73d38868bdfd636cb79f101e40e75349a7b6228e9cf0969ce63a1ed09df66b516fe3f5e3005a89a8a5873b498e903bf2f6197329
SSDEEP

384:BSjGkgbQ8WOYIVw4NuBBQARQklUyZAAAc:B6g3YWoBBQARQkhC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1eec61a65efa13afa06da8713bbca844

Files

1eec61a65efa13afa06da8713bbca844
.dll windows:4 windows x86 arch:x86

ce7015b2327011c7742e245d81dc8dee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

ReadFile
OutputDebugStringA
LeaveCriticalSection
InitializeCriticalSection
GetLocalTime
IsBadReadPtr
GetPrivateProfileStringA
lstrcpyA
lstrcmpiA
lstrcmpA
WriteFile
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
EnterCriticalSection
VirtualProtectEx
lstrcatA
lstrlenA
CreateThread
DeleteCriticalSection
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ