293feffabc0596d8f956bcd3271bfed7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

293feffabc0596d8f956bcd3271bfed7
Size

16KB
MD5

293feffabc0596d8f956bcd3271bfed7
SHA1

03cdc8df53bb735111ef9ba69077a2ab2636f890
SHA256

a97a99015d7c4912da6c2d0c6d2dc09045821ce96e75d65eefb2dc4008b46dc8
SHA512

a83b688505cdabbb65038bbdc88ad2bd3bf7ac04629a9e7da662d5aac773973568b6e805e441910cbc45616017b0d8c026e4ca581d6f1d8604e5ae072b72f488
SSDEEP

192:1Ut25G7a2rqkP+anYOvGgN+tncoYIFjuBBQ6PRQkngi9xckD+tML:ut207RD+qaxuBBQARQkgi9xJT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
293feffabc0596d8f956bcd3271bfed7

Files

293feffabc0596d8f956bcd3271bfed7
.dll windows:4 windows x86 arch:x86

2d0c9cbfc79862af0735dd1e9f3a8a9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalFree
CreateThread
lstrlenA
lstrcatA
VirtualProtectEx
lstrcmpA
OutputDebugStringA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
ReadFile
LoadLibraryA
IsBadReadPtr

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 530B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ