149fb04aa6bc4d50acfded2987c6a412 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

149fb04aa6bc4d50acfded2987c6a412
Size

32KB
MD5

149fb04aa6bc4d50acfded2987c6a412
SHA1

3f633da9dd7aa8b7cb8fad7a18f18ac3c4db7207
SHA256

4a943625e716c3f226dfa9993fc710389a941bc86561febe70bbdfbf73d2c035
SHA512

bd2c97ba676c1e3d33ae014d20aa41acdcef6aaedd03d339574afd89fc09b19b1f189fabf2c7bafd7c290706ef32e9146f19fba6c4ab5a063b7f907db49bedb8
SSDEEP

768:gNoQJ7zCVRJWFO0w/FLbTVTr4xipTq2ELMufnz:gf3CVRmwNYjAufz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
149fb04aa6bc4d50acfded2987c6a412

Files

149fb04aa6bc4d50acfded2987c6a412
.dll windows:4 windows x86 arch:x86

239bfdeaa78e09ee2944a65ec04c73b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
ntohl
closesocket

msvcrt

memcmp
free
_initterm
atoi
_adjust_fdiv
_strupr
memcpy
strcmp
fwrite
time
strrchr
fopen
fseek
ftell
??2@YAPAXI@Z
memset
fread
fclose
strstr
strchr
strncpy
??3@YAXPAX@Z
_strlwr
_itoa
malloc

kernel32

CreateEventA
lstrcmpA
WaitForSingleObject
SetEvent
CreateThread
GetModuleHandleA
LoadLibraryA
CopyFileA
GetProcAddress
GetTempPathA
WideCharToMultiByte
lstrcpyA
lstrlenA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
GetModuleFileNameA
Sleep

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ