3e8afb440f61919f85c5d052d554f327 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e8afb440f61919f85c5d052d554f327
Size

24KB
MD5

3e8afb440f61919f85c5d052d554f327
SHA1

80e0a1fd345718c36109a79221540293759089b0
SHA256

545354f0f5d4a626a4aeb73f464de9a6674c7277d3f8f7511bdfeace58a9b35d
SHA512

4275838a0b028f24e91dbe7dff615e1566dc1857b7f02e76c8873bb5a3ada6a7ecb81b169e554f8014b2316ffc0aa997856e6af7908b29bce12e9224d5edf771
SSDEEP

192:WJXePHu0eeWaf3roCnJuBBQ6PRQkjJqBLpTKCgahDm:WJXePO0eLq9JuBBQARQkNKLp+0i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e8afb440f61919f85c5d052d554f327

Files

3e8afb440f61919f85c5d052d554f327
.dll windows:4 windows x86 arch:x86

b9ab41f27ce021e7921be299ffd8699f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
CloseHandle
GetCurrentDirectoryA
GetModuleFileNameA
CreateThread
lstrlenA
VirtualProtect
Sleep
ExitProcess

user32

SetTimer
MapVirtualKeyA
GetKeyboardState
wsprintfA
CallNextHookEx
KillTimer
ToAscii
UnhookWindowsHookEx
SetWindowsHookExA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostname

msvcrt

_adjust_fdiv
malloc
_initterm
free
time
srand
rand
memset
memcpy
strrchr
exit
strlen
fwrite
fclose
fopen
strcat
strcpy
strcmp

ntdll

_strlwr
_itoa

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ