22ce3ef66382387bdbe6afdaf7bce3dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22ce3ef66382387bdbe6afdaf7bce3dc
Size

14KB
MD5

22ce3ef66382387bdbe6afdaf7bce3dc
SHA1

c6289e2592f54f49e1538a1e889dd7ff779c9802
SHA256

d9ec879cdfed70c34d57319869ed2c5a0ada7b0956dafd3cd9224eaf113661aa
SHA512

d07f440f39788fdbd175d2618acd41e107844f154b91a9d93a96c5688fc53f43cd57f7da6f887ec63bc78eecedaadf3b519ff63fc9196ff9974ad9dc04dee373
SSDEEP

384:JOImpE3lxXRDOVPnPxDlbObQ3fRNwwd+NXLfG7kU:6pE3bX1EZMM3fRNwq8Lfx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22ce3ef66382387bdbe6afdaf7bce3dc

Files

22ce3ef66382387bdbe6afdaf7bce3dc
.dll windows:4 windows x86 arch:x86

2de0a22578c0c0ec4b2341b3f27a5ebf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
WSAStartup
bind
listen
accept
recv
socket
htons
connect
WSAGetLastError
send
shutdown
closesocket
inet_addr

user32

wsprintfA

psapi

GetProcessImageFileNameA

urlmon

URLDownloadToFileA

kernel32

CreateThread
WaitForSingleObject
GetModuleHandleA
GetProcAddress
lstrlenA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetLastError
WinExec
GetCurrentProcess
CreateMutexA
InterlockedIncrement
GetTickCount
CopyFileA
DeleteFileA
ReadFile
CreateFileA
GetFileSize
CloseHandle
InterlockedExchange
Sleep
CreateProcessA

msvcrt

malloc
rand
srand
fclose
fwrite
strlen
fopen
strncpy
_stricmp
strchr
realloc
memset
strstr
sprintf
_initterm
_adjust_fdiv
free

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ