2b67d840c7d1c7a70e47ef6016a9472e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b67d840c7d1c7a70e47ef6016a9472e
Size

21KB
MD5

2b67d840c7d1c7a70e47ef6016a9472e
SHA1

4069860713e4ed1e62e74427c4e056e12b5a3475
SHA256

dc2af255af9ab87c682d150b331ba046276d16e8ef07d0085ff2ea5ab567e98d
SHA512

921a7cfd78eda2818761841dd39a87ace73fb1077cc8c93cb983a20b7f238b77c21fa90f87c77904b3bec870c584283d79ae376ff201d9fd1df8ab2213969e40
SSDEEP

192:ROp3Q+osUNy4vRaXCxxkjeJCGPUEOFSNXV0tFp5H/36JQTCVo1fimC:C3Q+osgcX4JVPsS1VMpZuOf+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b67d840c7d1c7a70e47ef6016a9472e

Files

2b67d840c7d1c7a70e47ef6016a9472e
.dll windows:4 windows x86 arch:x86

8902fc5e7f3b25ec53c08ce2eb79e936

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
send
WSAStartup
accept
htons
listen
connect
socket
sendto
bind
recvfrom
closesocket
select
__WSAFDIsSet
recv

wininet

InternetConnectA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetGetConnectedStateEx
FtpPutFileA

urlmon

URLDownloadToFileA

kernel32

CreateFileA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetFileSize
GlobalAlloc
GlobalFree
lstrcpyA
lstrlenA
lstrcmpA
Sleep
CreateThread
lstrcatA
GetWindowsDirectoryA
WinExec

user32

CharLowerBuffA

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ