3caf9e398ef32a3ebab2e4d813930fd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3caf9e398ef32a3ebab2e4d813930fd8
Size

24KB
MD5

3caf9e398ef32a3ebab2e4d813930fd8
SHA1

483138dc2c3d16afa1180701b0dad56e6533c286
SHA256

86cef612041b6004287f6b3d45a335943a8578e1a527e5cbe5a3dbf102893603
SHA512

52695be70f3bb5badfe48a358bb0a3fbe0620af32266e46ed53caf2e61a43ce67b8b3fad5f940c591fb3442844a356bfa6e0793ee29f533df30e9d9d58a74148
SSDEEP

192:j9P80HuBBQ6PRQkj5GZjoIBKMPxRyGgfB1z:jx80HuBBQARQk9efBKYxKfT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3caf9e398ef32a3ebab2e4d813930fd8

Files

3caf9e398ef32a3ebab2e4d813930fd8
.dll windows:4 windows x86 arch:x86

02be0ff1508709ad20012ae5c12c713f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
ExitProcess
Sleep
lstrcatA
VirtualProtect
CloseHandle
CreateThread
GetModuleFileNameA

user32

SetTimer
wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostname

msvcrt

strrchr
strstr
strlen
free
_initterm
malloc
_adjust_fdiv

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1021B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ