4799a8b3a65d425a45b5fbce77057fc4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4799a8b3a65d425a45b5fbce77057fc4
Size

16KB
MD5

4799a8b3a65d425a45b5fbce77057fc4
SHA1

983cb4575cda95673acddb3b041fb16dd2dab255
SHA256

ce5e0494210ce25bcae7250c12befeef6836da07f0be4ff439aa564b3c9edc66
SHA512

da41b6c606f8eb36a925ac85ae99009d313d81b5d93906c17f40b6bae06e058f7ecfaed37e417ad21a2edfb2ed37ee4fa421368c44d0ff616775a65ec5315723
SSDEEP

192:4asUMGrvIZXbPPFRX2MaMs6BfsQuBBQ6PRQk66kwvBa6s3lNAYbpzC:Fs0rwJPFYvWEQuBBQARQk6uBaX373

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4799a8b3a65d425a45b5fbce77057fc4

Files

4799a8b3a65d425a45b5fbce77057fc4
.dll windows:4 windows x86 arch:x86

d3ae0c171f7b089135534ffbd7cf38c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
Sleep
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
ExitProcess
IsBadReadPtr
lstrcpynA
lstrcpyA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
lstrcatA
lstrlenA
EnterCriticalSection
CreateThread
DeleteCriticalSection
lstrcmpiA

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
GetKeyboardState
MapVirtualKeyA
SetTimer
ToAscii

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ