4500251b4c38b5dfe5b4c15229f04cf9 | Triage

Sharing

General

Target

4500251b4c38b5dfe5b4c15229f04cf9
Size

9KB
MD5

4500251b4c38b5dfe5b4c15229f04cf9
SHA1

b45bf624e16cf1f1ff04af7ca0c28bbeed18801f
SHA256

8ae2bb97e5569d7533558fc07425b1f231f3e55cffbdef0b9cff82ddb1f91656
SHA512

7d70603f88cbcb78e6a538c48b5db50bc55800185362c568055955208c3c50a24422718a98e1db41d89ee8bb6ed6da94d8e020d4c5941c9661b7988daf0b5e08
SSDEEP

96:FukIDzKF4OPr8s6DeZjOYWYUnBWxkAVcs7tDfEydpHKwdyj38APTGlsyaf38hCZP:azCPrNrFWfBPcc4dpHKbTDPqKlZ3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4500251b4c38b5dfe5b4c15229f04cf9

Files

4500251b4c38b5dfe5b4c15229f04cf9
.dll windows:4 windows x86 arch:x86

a3f3269faf7dd6a2f3577fa66026f5c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
Sleep
GetCommandLineA
GlobalFree
GetModuleHandleA
GetCurrentProcess
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
GetProcAddress
IsBadReadPtr
VirtualProtectEx
CreateThread
ReadProcessMemory

user32

SetWindowsHookExA
GetAsyncKeyState
ToAscii
CallNextHookEx
GetKeyboardState

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

msvcrt

strcat
_adjust_fdiv
malloc
_initterm
free
memset
strlen
strstr
memcpy
strrchr
strcpy
strcmp
_stricmp
sprintf
??2@YAPAXI@Z
strncpy

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ