108df34e8051d79efb3ba01255b4a169 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

108df34e8051d79efb3ba01255b4a169
Size

7KB
MD5

108df34e8051d79efb3ba01255b4a169
SHA1

146d49f5f299b02084bee6a946552dd674576b32
SHA256

2c88685a5f3514e63426a10e90e850176df64d04c5a9b527520f4319696bb2c6
SHA512

bbf5b92479da11be23adada8f01aac6b2d927a07cd3a5e90232891a1a293722be86e3ff6349b9261e8c0e7c75ecd7521947581bd017156dbd05c1e7a03a4144a
SSDEEP

96:HOUbuOLcGk4MnFsLCiLfcu5XqVlgXvD6aoePuYZYGaflwSwJ:uWuocGk4MnF4LF5Xwq6LebYRWhJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
108df34e8051d79efb3ba01255b4a169

Files

108df34e8051d79efb3ba01255b4a169
.dll windows:4 windows x86 arch:x86

77c655ea0cf81a0a7185014f31d0ea2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetProcAddress
GetModuleHandleA
Sleep
VirtualProtectEx
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc
GetCurrentProcess
GetCommandLineA
CreateThread

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

_adjust_fdiv
malloc
_stricmp
_initterm
free
strlen
??3@YAXPAX@Z
memcpy
strrchr
memset
strcpy
strcmp
strcat
sprintf
??2@YAPAXI@Z
strncpy
strstr

Exports

Exports

fa
fc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 275B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ