56f6c5b41031315172a96be0c0f52f9a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56f6c5b41031315172a96be0c0f52f9a
Size

16KB
MD5

56f6c5b41031315172a96be0c0f52f9a
SHA1

d22a11f877aad0f37506699a5206891d74bd9537
SHA256

514b4081f4c7170aca7bd36e37fba6106821a1470fe9712911245526884b9e1f
SHA512

433975bd31903997ce27064a2f1675e93884fa2f14b0cea0fdbeb6f4cf9c3d9619e71d549b70fd840c0fde050130e7dad73cc6cd852c894b024445c41e37d940
SSDEEP

192:WooGRwCVEES4L4tMmatWv1m2y8xO9VeluBBQ6PRQkJJ/tiTCJ/gf8:dVRJ3SXtktWvBpuBBQARQk7ti6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56f6c5b41031315172a96be0c0f52f9a

Files

56f6c5b41031315172a96be0c0f52f9a
.dll windows:4 windows x86 arch:x86

3938b9d381eb00c515b28dbc10a0fdff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalFree
lstrlenA
lstrcatA
VirtualProtectEx
ReadFile
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
MultiByteToWideChar
LoadLibraryA
CreateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

GetShortFileName
ServiceRouteExA
StartServiceEx
StopServiceEx
g_hModule

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ