12e479e32e287503620b1ef5bad9140e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12e479e32e287503620b1ef5bad9140e
Size

17KB
MD5

12e479e32e287503620b1ef5bad9140e
SHA1

7b8666b1dbbbce10f41042c9eeb7feceb988b087
SHA256

e6bfcbf5733e885aabc765b7868339c04cb0e7c2bf9e8bb581afe3da6aef35ee
SHA512

8639d0e6a78e5beeeca3894ea434c5f8b5bb539d6f1f24a6b9524d7231032e9a5d9868e1b8544cbd32b1dfe90f028b9b9ff2576402ecc957f202fb99b560083f
SSDEEP

384:SCwgHhodav/XwONuBBQARQkObJtiLb+HeB:RLSdavvTgBBQARQkObmLb+Hq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12e479e32e287503620b1ef5bad9140e

Files

12e479e32e287503620b1ef5bad9140e
.dll windows:4 windows x86 arch:x86

be567510fee741590a5a9a983ffa7ccb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

GlobalAlloc
VirtualProtectEx
VirtualFree
VirtualAlloc
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CreateThread
lstrlenA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalFree
lstrcatA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ