109603b8160b84cd35db81c2efc3e8db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

109603b8160b84cd35db81c2efc3e8db
Size

24KB
MD5

109603b8160b84cd35db81c2efc3e8db
SHA1

df1f7c45d061db6584ea49fb08bc5bdfe212c61f
SHA256

f9e288353474f6a09c80650f5254ef76e306613e67ca3ed1029d062dc9aa4fb9
SHA512

1de4b2d0a257a8415d280a9bdfb2fd2eccad4d7715da58545dd0ae49b63c592352b48db7bc7138dc73f936b0aabe2731375490b0be8b69f0748d172b425c8869
SSDEEP

192:I11GYWEKdRHUpwEWCpuBBQ6PRQkX82ZZNn5WnN7iJaSahKOtV:I11gE8HUpBLuBBQARQks2Zv5WRiN0d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
109603b8160b84cd35db81c2efc3e8db

Files

109603b8160b84cd35db81c2efc3e8db
.dll windows:4 windows x86 arch:x86

dda8822a2f990e6623353d44800cc0e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
lstrcatA
CloseHandle
ReadProcessMemory
GetModuleFileNameA
CreateThread
VirtualProtect
Sleep
lstrlenA
ExitProcess

user32

CreateWindowExA
ShowWindow
KillTimer
UpdateWindow
DefWindowProcA
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
wsprintfA
SetTimer
GetActiveWindow
RegisterClassA
GetMessageA

ws2_32

send

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo

msvcrt

memcmp
free
strcmp
strstr
memcpy
fopen
fclose
fwrite
strcat
memset
strcpy
strrchr
strlen
exit
_adjust_fdiv
malloc
_initterm

ntdll

_strupr
_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ