41330346f7be0725aa2c833d615660ad | Triage

Sharing

General

Target

41330346f7be0725aa2c833d615660ad
Size

19KB
MD5

41330346f7be0725aa2c833d615660ad
SHA1

20f1f6bd827d9730541fa3b8852cb74453c079ef
SHA256

c2f3d18efcf4ea6eff42a09694f9d644beea5f7a34136d762f3da7096c55a6d8
SHA512

ffa81c3bd18aba8cac47ded18ede41e5033b9f8b1bb3061565e852dc3e6657b0f17793c6ac6df657a86d80c35a00b5fe8b37d6a3a11071091da1e0e30f2ecc22
SSDEEP

384:NtVcRdm+5Wm53SLSmKCCuBBQARQkfWxXzG:ifbWbSmKClBBQARQkfEX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41330346f7be0725aa2c833d615660ad

Files

41330346f7be0725aa2c833d615660ad
.dll windows:4 windows x86 arch:x86

8c3a2dfe3a1d7f2c90d231ebe9350ff6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
RtlZeroMemory
strcpy
memcmp
memcpy

kernel32

VirtualAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualQueryEx
CloseHandle
CreateFileA
CreateThread
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
Sleep
TerminateProcess
VirtualProtectEx
VirtualFree

user32

GetWindowThreadProcessId
KillTimer
SetTimer
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowLongA
GetWindowTextA
EnumWindows
wsprintfA
CallNextHookEx
CallWindowProcA

ws2_32

send
gethostname

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ