24edf58a56d2a8d57159793f6fd7484c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24edf58a56d2a8d57159793f6fd7484c
Size

24KB
MD5

24edf58a56d2a8d57159793f6fd7484c
SHA1

54bf8ab30b6b1d3750db96102e57d7bc038ee263
SHA256

2e3643fb728b3b414f08e0321bf936bdfbdac599381856fabbcbbd69823d9737
SHA512

8d878af95206d10941aea8a75d23ed25266071a574d85e1d91f4c1300d51b8310e648a90675b0f0cf2aebcdac4ef3992a572f5ba9d66a1034c02fe46e414514c
SSDEEP

192:WsWOzAIh/uZ12QjuBBQ6PRQkd8HLZ/WWnN8UusC:WsWOzAkuTzuBBQARQk6HFWWCXn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24edf58a56d2a8d57159793f6fd7484c

Files

24edf58a56d2a8d57159793f6fd7484c
.dll windows:4 windows x86 arch:x86

ec4cd48853c4dd1660203a97132c948c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
CloseHandle
GetCurrentDirectoryA
GetModuleFileNameA
CreateThread
VirtualProtect
Sleep
ExitProcess
lstrlenA

user32

GetMessageA
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
wsprintfA
SetTimer
GetActiveWindow
KillTimer
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
DefWindowProcA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

msvcrt

_initterm
free
strcmp
strstr
malloc
memset
strcpy
strrchr
strcat
fopen
fclose
strlen
_adjust_fdiv
memcpy
fwrite
exit
memcmp

ntdll

_strlwr
_strupr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ