0def9a928ca1f8ac59a6b3a1f1762b85 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0def9a928ca1f8ac59a6b3a1f1762b85
Size

7KB
MD5

0def9a928ca1f8ac59a6b3a1f1762b85
SHA1

cd508385b4fbc32fff568be132edbbd8c59e5386
SHA256

a49379be375903038845efc9b1631dc0584073bf3bc8787be22100be2dd6eab5
SHA512

454e3173539aa52ea8eba06af6777837b31e3f5afc8632922f222f96ad1095f6fc724c609d55e0c3083b93cff7e7e4ee844a6ce7ab21777e0422bff5e7f29259
SSDEEP

96:xntEnl/3SXQ73ClGNzd0n9sZSva8nXZ7RNrwrMFX3/UpQz41tZ0dY:dtEnlvsQSu89sGzn/NrwrQX3zz41Md

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0def9a928ca1f8ac59a6b3a1f1762b85

Files

0def9a928ca1f8ac59a6b3a1f1762b85
.dll windows:4 windows x86 arch:x86

4baefd57dc004bd427aa6dda667f8f32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
ReadProcessMemory
CloseHandle
GlobalFree
GetModuleHandleA
GlobalLock
GlobalAlloc
WriteFile
GetCurrentProcess
DeleteFileA
GetWindowsDirectoryA
IsBadReadPtr
ReadFile
GetModuleFileNameA
GetPrivateProfileStringA
CreateThread
VirtualProtectEx
CreateFileA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
wsprintfA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ