5c4a3ecf3ffb9046e3b0de5129a4301b | Triage

Sharing

General

Target

5c4a3ecf3ffb9046e3b0de5129a4301b
Size

10KB
MD5

5c4a3ecf3ffb9046e3b0de5129a4301b
SHA1

655fda593640f76a71231d5a8c3ca08160ea5f26
SHA256

b74f6e951671005dda836839ae6ba514e018602db68463c94be44acdf9d9a560
SHA512

b8b992a5d1bb3cf3abeeb50056b31086aee2aa9179102b7fecca6b38ebb1ae5e532a4ac078ad8cc26aa2c1383903c62faae9e4388304d1ba2da7065baa9ceb88
SSDEEP

192:HmKR9mC2IsTs4l6t3RRt1WWkSQtpfKdALjwMKy:G29P2I9eYPiyQtqAPwZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c4a3ecf3ffb9046e3b0de5129a4301b

Files

5c4a3ecf3ffb9046e3b0de5129a4301b
.dll windows:4 windows x86 arch:x86

6c9094f0bcb966e38cc6b594de42add7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
CreateThread
VirtualProtectEx
GetCurrentProcess
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
Sleep
GetCommandLineA
GlobalFree
ReadProcessMemory
GlobalLock
GlobalAlloc
GetPrivateProfileStringA

user32

ToAscii
SetWindowsHookExA
CallNextHookEx
GetAsyncKeyState
GetKeyboardState
UnhookWindowsHookEx

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

msvcrt

_adjust_fdiv
malloc
_initterm
free
strstr
strncpy
_stricmp
??2@YAPAXI@Z
sprintf
strlen
memcpy
strrchr
strcpy
memset
strcmp
strcat

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ