2690d44ea3b19395f3f88f2ef1bdb42c | Triage

Sharing

General

Target

2690d44ea3b19395f3f88f2ef1bdb42c
Size

9KB
MD5

2690d44ea3b19395f3f88f2ef1bdb42c
SHA1

29f707b8bf0159fffd6b75103c9ccfcce0030303
SHA256

5ff9bcc7782ce407905db9c5c96a0d45636b1adb73cc4fd55d3a6b824014ef52
SHA512

9e06d5e45f2abe81cf110a94811861e51b6d6808b96a22bf8c6910da8e7220a79239b300773e0ffa5edf06c6a1be0e68ac0b69dc71f759fa503ebe7c5840cbcb
SSDEEP

96:1apT99PQtSnFKhUY6kvTUbmee3fEW8r2Ctdd1Y4pXmEaflF4TWUe:1aP9It+cJDeQ9ZKWLb4TWUe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2690d44ea3b19395f3f88f2ef1bdb42c

Files

2690d44ea3b19395f3f88f2ef1bdb42c
.dll windows:4 windows x86 arch:x86

5639056ef331e4902ca132cb897c32d4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
GlobalLock
GlobalAlloc
CreateThread
GlobalFree
IsBadReadPtr
GetPrivateProfileStringA
Sleep
WriteProcessMemory
GetModuleFileNameA
GetCurrentProcess
WideCharToMultiByte

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

_adjust_fdiv
_stricmp
malloc
_initterm
free
memset
??3@YAXPAX@Z
strcat
strrchr
strcpy
sprintf
??2@YAPAXI@Z
strlen
memcpy

Exports

Exports

fa
fc

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ