4f8621f78dc86e987912eaaa1eb94b09 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f8621f78dc86e987912eaaa1eb94b09
Size

13KB
MD5

4f8621f78dc86e987912eaaa1eb94b09
SHA1

6fe5b0730432c77bf89ec50cd040ec05518d6e35
SHA256

b3f7aad3ae911d9e5ff8f0fde33a2c72b258209132da8bcd40439d202401f598
SHA512

2fd0b7ba482917e489d999a91713c4dc33d9cd67d5fb7c40beab98d6590d207071921b8c1ac1e3b04ac80d473bcb864cc399ac066fadffa835df6f934f8a92ba
SSDEEP

192:jU2cdl+WSP42ZbXYDTtlXahuBBQ6PRQkdxKt0:jhcTgpxanahuBBQARQk7Ki

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4f8621f78dc86e987912eaaa1eb94b09

Files

4f8621f78dc86e987912eaaa1eb94b09
.dll windows:4 windows x86 arch:x86

8765726c074d69b1d31c68679f348101

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

ReadFile
GetPrivateProfileStringA
GetCurrentDirectoryA
EnterCriticalSection
DeleteCriticalSection
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
LeaveCriticalSection
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
CreateThread
VirtualProtectEx
lstrcatA
lstrlenA
InitializeCriticalSection

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ