380d360444a514b8047f72501863028c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

380d360444a514b8047f72501863028c
Size

19KB
MD5

380d360444a514b8047f72501863028c
SHA1

e15b8eb3b324dca48f071cab0b2437f74d138923
SHA256

2e95824c947d7912d1ab867c9e8bfb6b0dd00eece9d4ddc80d35eb718fcb7852
SHA512

d536d04f9a47bdd5ec71db1c89ea2902f1e8bcc3c81a0d97ea19bc835a82f4a6a506f8804a0c86f9395a795b7af62a476fdd502e4367818b8ec809aebcc4439c
SSDEEP

384:IiGkPf7aTF+6sugDiuBBQARQkfQxX7M4:IFkPfuTFsugDFBBQARQkfqX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
380d360444a514b8047f72501863028c

Files

380d360444a514b8047f72501863028c
.dll windows:4 windows x86 arch:x86

8c3a2dfe3a1d7f2c90d231ebe9350ff6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
RtlZeroMemory
strcpy
memcmp
memcpy

kernel32

VirtualAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualQueryEx
CloseHandle
CreateFileA
CreateThread
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
Sleep
TerminateProcess
VirtualProtectEx
VirtualFree

user32

GetWindowThreadProcessId
KillTimer
SetTimer
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowLongA
GetWindowTextA
EnumWindows
wsprintfA
CallNextHookEx
CallWindowProcA

ws2_32

send
gethostname

Exports

Exports

DescryptoData
ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ