194a1a17da8cd19d58c362f5860debff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

194a1a17da8cd19d58c362f5860debff
Size

14KB
MD5

194a1a17da8cd19d58c362f5860debff
SHA1

39119958385ffd2f5aceffb28e482f05a324e68b
SHA256

72d0f943c47a214aee3af03e46fbdb4b00eafec8cb6e5ec43322db9110f0b340
SHA512

3bf4f0622d099cee5e63243def942298329e5ef27acd025cb8aa46fdb7e01daa6054161521b5719880e913f6efd30cfe0e3368f14582b259cd08b9f8c5f7fe46
SSDEEP

384:/cUhv2xP/aZZIxAsyApCABFAFG1rn/MoAREVpd7j/9osHeHWHwHOWHmce/t1D:UZxPGZIWEVFoS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
194a1a17da8cd19d58c362f5860debff

Files

194a1a17da8cd19d58c362f5860debff
.dll windows:4 windows x86 arch:x86

726f43d278c57146f314690bd2457c03

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadCodePtr
LoadLibraryA
FreeLibrary
VirtualProtect

msvcrt

malloc
free
strncpy
strstr
_snprintf

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
send
WSACleanup

Sections

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ