4783a8a489e0bab95ff26fddc670f7ad | Triage

Sharing

General

Target

4783a8a489e0bab95ff26fddc670f7ad
Size

14KB
MD5

4783a8a489e0bab95ff26fddc670f7ad
SHA1

9299ec2db8d6aa16f1c03ee380a8c7f6222f7c6d
SHA256

bdcc445a6d230d82a682861c42a92ace935186becf85413d5774840c7cf6e571
SHA512

7bd7d56fd44e04ae443ed384dc6f518ff2b18d7cb08d4da56cc62546a106d34b4cc822b139b6f68881ed5d7afb052ee2b6e1ce12def85b1a03e679baeafeaa2e
SSDEEP

192:dYgwn3gxWEvH6OZP6guBBQ6PRQkhIThZ5t:an3NijhuBBQARQkhIf5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4783a8a489e0bab95ff26fddc670f7ad

Files

4783a8a489e0bab95ff26fddc670f7ad
.dll windows:4 windows x86 arch:x86

efdf42d5f4a1f51903517dbb9baeaaf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

VirtualProtectEx
LeaveCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
GetCurrentDirectoryA
EnterCriticalSection
lstrcpyA
lstrcmpiA
WaitForSingleObject
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
DeleteCriticalSection
lstrcatA
lstrlenA
CreateThread
TerminateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
FindWindowA
GetWindowThreadProcessId
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ