087935d19eb9e2b78a098f586fd8c01c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

087935d19eb9e2b78a098f586fd8c01c
Size

15KB
MD5

087935d19eb9e2b78a098f586fd8c01c
SHA1

dad2d208b83de65bec5fe6eaa821c6abb430ccce
SHA256

d7c27efdb5d815a4077185fb97106abaaa3f6c94b27f73cfcc07a714bfc9806d
SHA512

360aa219a1a32c4a023ff0ae370fb69f4c6a95401fcb391286a4649755d190e33bd3f7dd0c5b8ca6565bbab9ad763729e884757f6df4da671bdbd7e7004f0752
SSDEEP

192:DudzsowGPMd34neO/S9j2uZL+JFBuBBQ6PRQkszPuDC8reynN:8sUPMdGeOW2dJTuBBQARQk8PuDCByN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
087935d19eb9e2b78a098f586fd8c01c

Files

087935d19eb9e2b78a098f586fd8c01c
.dll windows:4 windows x86 arch:x86

423c99a03c192047df670be5c549f734

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

ReadFile
Sleep
IsBadReadPtr
GetSystemDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateThread
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
WaitForSingleObject
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
lstrlenA
VirtualProtectEx
lstrcatA
TerminateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ