4ec9084090a63c0335230c7dee8c0aec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ec9084090a63c0335230c7dee8c0aec
Size

18KB
MD5

4ec9084090a63c0335230c7dee8c0aec
SHA1

0208d329e9af077b9d3154f6778b7c92b07d2367
SHA256

7fb6b38b34d9e7d9269a2a543dfc03565e3fdfc266b9808a3d06b5a74e817a31
SHA512

7e9ef9cde0c18ce81d0c25e52a21eb0dec2e7c13b583bacef0a2cbc4c62a3c21be3ac216958b0722883d523bb88c87c2154574bb7d921cfc3bc43f7261b515fb
SSDEEP

384:on0gwBlAs4ZXXiTRjR/jHVeeLfgPqc+urDZRQcNtr:on0bfAdJXWL/zV7kCBuffJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ec9084090a63c0335230c7dee8c0aec

Files

4ec9084090a63c0335230c7dee8c0aec
.dll windows:4 windows x86 arch:x86

e32932e508fe57d2564e2474762285af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLocalTime
GetProcAddress
LoadLibraryA
GetLastError
DeleteFileA
GetSystemDirectoryA
TerminateThread
SetThreadPriority
GetTempPathA
GetModuleFileNameA
DisableThreadLibraryCalls
FatalAppExitW
ExpandEnvironmentStringsA
EnumSystemLanguageGroupsA
EnumSystemCodePagesW
VirtualAlloc
VirtualFree
Sleep
CreateFileA
WriteFile
CloseHandle
CreateThread
CreateProcessA

user32

GetDC

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

advapi32

CloseServiceHandle
OpenServiceA
DeleteService
OpenSCManagerA
ControlService

msvcrt

strrchr
strlen
memcpy
_except_handler3
sprintf
strcat
memset
strcpy

Exports

Exports

DriverProc
modMessage
modmCallback

Sections

YdrsufT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rata
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ