3edb4a633cf7f9cada1c806b6a66b3bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3edb4a633cf7f9cada1c806b6a66b3bf
Size

24KB
MD5

3edb4a633cf7f9cada1c806b6a66b3bf
SHA1

3bc78a952c8669b0a932f2e131dbe6de65192d9e
SHA256

fcc56e220ca5ccb5c5e00b0d25ddc6a4d3720353c17bf23c297b53f0cc16bc7a
SHA512

8aebb7a96d36c16a53ec45c749be2f93ef2f12aff5bfe380ab69fab418934aaa9c67fe6f1d9f5bddccc30f2ec86ccaca15f7269d179586a48b4d5e949d870b1d
SSDEEP

192:ejF3KlrJuBBQ6PRQkX5uPj1zwaIq8mfm:eAltuBBQARQkJuPJzeqy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3edb4a633cf7f9cada1c806b6a66b3bf

Files

3edb4a633cf7f9cada1c806b6a66b3bf
.dll windows:4 windows x86 arch:x86

85112d307510d3471b6f9526f2aa3e7c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
Sleep
lstrcatA
VirtualProtect
CloseHandle
CreateThread
GetModuleFileNameA

user32

wsprintfA
SetTimer
KillTimer
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

ws2_32

gethostname

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

msvcrt

strcpy
memset
strlen
strcmp
strrchr
free
_initterm
malloc
_adjust_fdiv

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ