1c206d3a36576ba497fb506e730fd918 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c206d3a36576ba497fb506e730fd918
Size

15KB
MD5

1c206d3a36576ba497fb506e730fd918
SHA1

108a86bbb84c9fcf56ce43fa8f53ffcd19619355
SHA256

3ff01143bb913fd5c68e3efc74718133702d00671b7ab3bdc63817ecd5340f2b
SHA512

479cc7bf1fc6fdc024d276775003f25fdc327d5f88d30d9c99c2e265c86a464c30d3f291629c4858dd9f0a03b0303460becf42e55393967ce0a69eb0f15c517a
SSDEEP

192:PiLzK5mxO+v58Wd5TwpW5TUyged08Pnu0nAb85TtvMRnCi/f2BUbhMDIPj:Prm4M/u8Bbe8Pv3TVMZiUbhTPj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c206d3a36576ba497fb506e730fd918

Files

1c206d3a36576ba497fb506e730fd918
.dll windows:4 windows x86 arch:x86

a1cd2a025715d7f4d2d66f2079e04b10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
VirtualQuery
OutputDebugStringA
GetProcAddress
LoadLibraryA
Sleep
ExitThread
CreateThread
CreateProcessA
WriteProcessMemory
GetModuleHandleA
WinExec
ReadProcessMemory
GetSystemDirectoryA

user32

DispatchMessageA
GetMessageA
TranslateMessage
SetWindowsHookExA
CallNextHookEx

ws2_32

gethostbyname
WSAStartup
socket
htons
inet_addr
connect
send
closesocket
recv
WSACleanup

wininet

HttpSendRequestW
HttpSendRequestA

msvcrt

_except_handler3
sprintf
_stricmp

Exports

Exports

FURONGJIEJIE

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ