28a5a86cb0b0e954026cb3037b65d04d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28a5a86cb0b0e954026cb3037b65d04d
Size

24KB
MD5

28a5a86cb0b0e954026cb3037b65d04d
SHA1

d05e62c6e8db90497fa767a079e3d17385b2180a
SHA256

675013a433dde4589c8a74a8c0810269c769a743915d8013e29af88628015b84
SHA512

91129eb41a87e128b02ff7b6cb68dbbf6d3f2eb861fdb5ef5fef09eb2983179e76b64c5290f584affdd06e60fc0d2e5c3210205a4f4ef3b86e99d61b32048064
SSDEEP

192:LXN1NYfJ/bXe+aDe5t6puBBQ6PRQkX828AZNn5WnN7i/dhL:LXN1mJa+Co4uBBQARQks2dv5WRi/nL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28a5a86cb0b0e954026cb3037b65d04d

Files

28a5a86cb0b0e954026cb3037b65d04d
.dll windows:4 windows x86 arch:x86

d6cc96e89221ae5a79fbcd0eb06dabc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
lstrcatA
CloseHandle
ReadProcessMemory
GetModuleFileNameA
CreateThread
VirtualProtect
Sleep
lstrlenA
ExitProcess

user32

CreateWindowExA
ShowWindow
KillTimer
UpdateWindow
DefWindowProcA
PostQuitMessage
DestroyWindow
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
wsprintfA
SetTimer
GetActiveWindow
RegisterClassA
GetMessageA

ws2_32

send

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

iphlpapi

GetAdaptersInfo

msvcrt

memcmp
free
strcmp
strstr
memcpy
fopen
fclose
fwrite
strcat
memset
strcpy
strrchr
strlen
exit
_adjust_fdiv
malloc
_initterm

ntdll

_strlwr
_strupr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ