471930b1ca749243e86f5813679ea511 | Triage

Sharing

General

Target

471930b1ca749243e86f5813679ea511
Size

11KB
MD5

471930b1ca749243e86f5813679ea511
SHA1

29b32f748f7c9ebc56f6155fb0779814db8efc37
SHA256

852eca8953d71dfe5dc00d802a9d5fd108e608132164a53d8c090ce82bb65983
SHA512

1f5c619e83922b2c9ea8a127f16e0d027e6452507e0b184f10ddff93d93668d329ebab902c56bb8821f4aaf136ac49a1137c35b3cd36e22ef9000407923e14f9
SSDEEP

192:fUhHz87wHWwaClMkwL/G18eKLlWoOPHKn10FpUi7:8hHI7wTlJ024UoAqIp77

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
471930b1ca749243e86f5813679ea511

Files

471930b1ca749243e86f5813679ea511
.dll windows:4 windows x86 arch:x86

b90fc0f2f8a25bd98e8ffe8f8f85258a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyname
WSAStartup
send
accept
htons
listen
connect
socket
sendto
bind
recvfrom
closesocket
select
__WSAFDIsSet
recv

wininet

InternetOpenA
FtpPutFileA
InternetConnectA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

urlmon

URLDownloadToFileA

kernel32

CreateFileA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetFileSize
GlobalAlloc
GlobalFree
Sleep
CreateThread
lstrcatA
lstrcpyA
lstrlenA
GetWindowsDirectoryA
lstrcmpA
WinExec

user32

CharLowerBuffA

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ