669f14b2e26b98159cd47b200369bd19 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

669f14b2e26b98159cd47b200369bd19
Size

28KB
MD5

669f14b2e26b98159cd47b200369bd19
SHA1

eb729f46442c59e2f6f499b4424cd9a8d28e2a5d
SHA256

2f386a8d89bf9ca63f14dbe71163638c029961fa39f7a2ec2cff709066d52f39
SHA512

0037c74961623b976a65796afcee9d403aa918d1b5c640b75c481fa2732d55bd6252d6d8d58156d6f4f987f41ff5793a3899e2fd358a8705a0f5749727449c29
SSDEEP

192:KGEEV7qikyNnzHsyZX5toLT2lJSRzpLV3kKpjoJqscEJG:DZ7BZNn4cC2GLxkYKZHc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
669f14b2e26b98159cd47b200369bd19

Files

669f14b2e26b98159cd47b200369bd19
.dll windows:4 windows x86 arch:x86

6f4f3de9f0a4eb423374d462083aeb6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord939
ord1158
ord2818
ord4278
ord858
ord860
ord2764
ord540
ord537
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
strstr
__CxxFrameHandler

kernel32

GetCurrentProcessId
CreateThread
OpenProcess
GetModuleFileNameA
Sleep
ReadProcessMemory
ReadFile
SetFilePointer
GetFileSize
CreateFileA
CloseHandle

user32

UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx

ws2_32

recv
closesocket
send
connect
htons
socket
gethostbyname
WSAStartup

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ