563fe11da3369c1724cb6f2f23f1a3c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

563fe11da3369c1724cb6f2f23f1a3c9
Size

13KB
MD5

563fe11da3369c1724cb6f2f23f1a3c9
SHA1

62087338b6835a5f08d3a8dfb4654f04893a3c97
SHA256

4db4b842f09feb06fd5c834f70197bda5a9e1d986626f3dac1515a03eeea30ea
SHA512

9847da4542c06ff0f7e8e3b5fd38eebdb9c20289fede2887348620a0d313c6398a7bc8482a397acea5244f58acbe13eb72d62b1e56a8962047bae5e0202c3c36
SSDEEP

192:amRZIhcvo0lbFnqCxDlpzxuJ85kWg+dL+d3EXrPK3BRwi/2:RzNvo6sCJlpzxuz+drjCci/2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
563fe11da3369c1724cb6f2f23f1a3c9

Files

563fe11da3369c1724cb6f2f23f1a3c9
.dll windows:4 windows x86 arch:x86

8f74cb168ecd1f2dc5b8db4799b0fab5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
VirtualProtect
Sleep
lstrcmpA
lstrcatA
lstrcmpiA
lstrcpyA
ExitProcess
lstrlenA
GetTickCount
lstrcpynA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WritePrivateProfileStringA
GetTempPathA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
CreateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA

user32

SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
CallNextHookEx

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

Exports

Exports

Hookoff
Hookon

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ