3be960c34dc7b8c67b68f4aea3e6a56b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3be960c34dc7b8c67b68f4aea3e6a56b
Size

24KB
MD5

3be960c34dc7b8c67b68f4aea3e6a56b
SHA1

0c11a3b3c497affff5ad1b404ac55d1e96f8c9ca
SHA256

3b5bdd6f5978e9f6f6de6ff257ac017913ae176fc57326ac1f4cbf18b131bd62
SHA512

36556b85e450b4292e3415f7661f9ab462c504d56d16476945b61c96a8e163ad661bf87348f2e036f1b95d1765fd1e1153a7e92b742b29758be91018ebf260f0
SSDEEP

192:hSo4PiWiR9bToB5KhhpuBBQ6PRQkbZXG2PJjlRqsx26:hSo4P/iR9HoBMuBBQARQkVXbPxlss86

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be960c34dc7b8c67b68f4aea3e6a56b

Files

3be960c34dc7b8c67b68f4aea3e6a56b
.dll windows:4 windows x86 arch:x86

93ad1ccba931bbf62002412509b02151

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CloseHandle
Sleep
GetModuleFileNameA
CreateThread
VirtualProtect
ExitProcess
GetCurrentDirectoryA
lstrlenA

user32

wsprintfA
SetTimer
KillTimer
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

ws2_32

gethostname

msvcrt

strcmp
_adjust_fdiv
fclose
fread
fputs
fopen
strcat
exit
memcmp
strcpy
memset
strlen
strrchr
malloc
free
_initterm

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ