198e0ccf514f85967fa8f68591ba8b68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

198e0ccf514f85967fa8f68591ba8b68
Size

10KB
MD5

198e0ccf514f85967fa8f68591ba8b68
SHA1

79fb174caab172617509463108acd9627d027601
SHA256

fb24a84779d51354b24152edac6df82a0246176823e95be908f4f5d22d3af2cb
SHA512

2cebd3535fe3eeeffdd0ec45854d77264bd3e341e59936b62e2a8814de8d17f58c061878b496a7c698147315c231a263311deef7a1fbb79ce5666a2a833b8bcf
SSDEEP

192:S9LYtVAB+oDCs2eZykpPA/7YwisQyEFaINOEQoqh8c7rOKRF4i3oQ:qLYCVDfTpPAjpJQyEFaINJQorc7rOSCO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
198e0ccf514f85967fa8f68591ba8b68

Files

198e0ccf514f85967fa8f68591ba8b68
.dll windows:4 windows x86 arch:x86

2aed9cd82d725ffd250b313fa9e03be9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharLowerA
wsprintfA

kernel32

CreateThread
DeviceIoControl
ExitProcess
ExitThread
GetModuleFileNameA
GetProcAddress
GetProcessHeap
GetSystemDefaultLangID
GetSystemDirectoryA
CreateNamedPipeA
HeapAlloc
HeapFree
LoadLibraryA
RtlZeroMemory
Sleep
_llseek
_lread
_lwrite
CreateFileA
lstrcpyA
lstrcpynA
lstrlenA
ConnectNamedPipe
CloseHandle
GetTickCount
lstrcatA

advapi32

RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

ws2_32

WSAStartup
accept
bind
closesocket
connect
gethostbyname
htons
inet_addr
listen
recv
send
shutdown
socket

Exports

Exports

kirdam

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ