298f1e5342e9e64fa9aa47b073fca56f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

298f1e5342e9e64fa9aa47b073fca56f
Size

15KB
MD5

298f1e5342e9e64fa9aa47b073fca56f
SHA1

43e6a7e81490eee47023611d5018817dc4288867
SHA256

d29f56fb0bf702e766ed02b3f3db59328c94929057d74077290005831f9396f1
SHA512

f8a4fb2d2929d65503208605a0d081b1fcd83872929b2303efdf836817071db5c3dd1176a65798009d34af904be4ea7437d74a81c52b8b0d1b80520ee9479912
SSDEEP

384:+8lsN6TqQISyrgyWixTuBBQARQkSPhELxS:+81yrWixSBBQARQkZS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
298f1e5342e9e64fa9aa47b073fca56f

Files

298f1e5342e9e64fa9aa47b073fca56f
.dll windows:4 windows x86 arch:x86

7d7dc35c8fe77acc4c1c42a86ade8343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
closesocket

ntdll

RtlZeroMemory
memcmp
memcpy
strlen
strstr

kernel32

ReadFile
GetSystemDirectoryA
GetPrivateProfileStringA
EnterCriticalSection
DeleteCriticalSection
WritePrivateProfileStringA
GetCommandLineA
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
Sleep
LeaveCriticalSection
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
CreateThread
VirtualProtectEx
lstrcatA
lstrlenA
InitializeCriticalSection

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ