3d0c35718ae3ce8384d5276dcd8add77 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d0c35718ae3ce8384d5276dcd8add77
Size

14KB
MD5

3d0c35718ae3ce8384d5276dcd8add77
SHA1

be1e4af9d55ef8227aa0a6662a1faf8eec610622
SHA256

a04ecd5490dc4ee70b3d384d1f07f295ab6caf3d5a10cb06f93d737c4480fba6
SHA512

50eab20c468cb3e6473994c4957db89e1db62a224c7921c38192ad11a1e0a9e14acae29d136fc2333efa389a509c0eece760942efc93172a028dcd30d24dcc81
SSDEEP

192:dfCNDiuWdQWzZ5hfoImYsRgr2qHBuBBQ6PRQkkh3BTl:QNDId36Iz1huBBQARQku3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d0c35718ae3ce8384d5276dcd8add77

Files

3d0c35718ae3ce8384d5276dcd8add77
.dll windows:4 windows x86 arch:x86

6b2d4b52113bfa79b888a7bec84f465b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

ReadFile
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrcmpA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
CreateThread
VirtualProtectEx
lstrcatA
lstrlenA
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

GetVerifyCodePrivate
ServiceRouteExA
StartServiceEx
StopServiceEx
g_hModule

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ