5389a13d417bc7e9bf83c2ae13c56f08 | Triage

Sharing

General

Target

5389a13d417bc7e9bf83c2ae13c56f08
Size

16KB
MD5

5389a13d417bc7e9bf83c2ae13c56f08
SHA1

34545611dd7187265f9eebfffd4e673bf6e727dc
SHA256

4a7f3286c3c67c4931d481fb63f4ddbad452079c84d374129e6afe3f2eaca088
SHA512

607d2575f19a888364a4525643a7da79e9ff941107895f354a796a22ecde8647ad9bf654375a9f775e1b3ec27dbe69117011fa32a99c103ffc08b8070bc55797
SSDEEP

384:fZ/XwTJMrmqOSQEaib8fuBBQARQkLDOSqJeYq:fZvQnq/ZaibDBBQARQkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5389a13d417bc7e9bf83c2ae13c56f08

Files

5389a13d417bc7e9bf83c2ae13c56f08
.dll windows:4 windows x86 arch:x86

0080d1062b64769398227d1024ff78f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_strupr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

LoadLibraryA
GetSystemDirectoryA
GetPrivateProfileStringA
CreateThread
lstrlenA
WritePrivateProfileStringA
IsBadReadPtr
ExitProcess
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcatA
ReadFile
VirtualProtectEx
Sleep

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ