1aab278bf6afbbd8ca5b21dfdd406fbf

General

Target

1aab278bf6afbbd8ca5b21dfdd406fbf
Size

16KB
MD5

1aab278bf6afbbd8ca5b21dfdd406fbf
SHA1

fc442766df28f6f1cc572bfe66ec72d4be46bc88
SHA256

567710445358618d161f3e4b1447d13bf971e6baf9f55f37eb24797363f3e0fe
SHA512

1ce6f1b47b663ecc06499afb57684aef037f0b9b9eac240e8d36be0e1c5519489520452aa73d21ffc3ee658aa7575f995c5bad7d789e49a77065bcae63e2d7a7
SSDEEP

192:8GyqCcLGgZWauMZN1pV83qYtYOidrb71YNgXuBBQ6PRQk/2WSexh44PR:PyqCP8WXMfF8QVduBBQARQkhSexa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1aab278bf6afbbd8ca5b21dfdd406fbf

Files

1aab278bf6afbbd8ca5b21dfdd406fbf
.dll windows:4 windows x86 arch:x86

5826f2682b3e5d337aca2ca965aabaef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
closesocket

ntdll

memcpy
memcmp
strlen
_strupr
strstr
RtlZeroMemory

kernel32

lstrlenA
TerminateThread
SystemTimeToFileTime
Sleep
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
GetLocalTime
GetCurrentProcessId
lstrcmpA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
lstrcatA
EnterCriticalSection
CreateThread
DeleteCriticalSection
WaitForSingleObject

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
KillTimer
SetTimer

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5826f2682b3e5d337aca2ca965aabaef

Headers

File Characteristics

Imports

ws2_32

ntdll

kernel32

user32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.bss Size: - Virtual size: 4B

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 3KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 584B

.text
Size: 9KB - Virtual size: 9KB

.bss
Size: - Virtual size: 4B

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 584B