115ba9f85bf6b4256466165b46166499 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

115ba9f85bf6b4256466165b46166499
Size

28KB
MD5

115ba9f85bf6b4256466165b46166499
SHA1

2214cef856f44116477748c252f06fe94a1137d9
SHA256

ab205e3421486797256ea7b0f04e48d5249892ba051ff7a3c396fa6d54b09437
SHA512

8a4c87858a33e940444b524ff8fa62ac0e422626021637eeb9ba7ea11daa8b535fb24610b80e1acd32eee293c3d793b7e7f9034aef4572232202c47c497aa1c4
SSDEEP

384:oILHfhBWUtv43ZyQISgC8EoyFKajqeX+srCsODM5D82:xZEUtQ3Zy7qohaj5X+sU45I2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
115ba9f85bf6b4256466165b46166499

Files

115ba9f85bf6b4256466165b46166499
.dll windows:4 windows x86 arch:x86

0fa118e9bc4ae56d9f0b8591132ca457

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateThread
CreateEventA
OpenEventA
GetModuleFileNameA
GlobalFree
GlobalLock
GlobalAlloc
GetCommandLineA
Sleep
VirtualAlloc
VirtualFree
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
ReadFile
CreateFileA
IsBadReadPtr
GetModuleHandleA
GetPrivateProfileStringA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

WSACleanup
gethostbyname
gethostname
WSAStartup

Exports

Exports

ZtGame_IN
ZtGame_OUT

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ