79e712bf525e7e4293f88ed46901c8ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79e712bf525e7e4293f88ed46901c8ac
Size

24KB
MD5

79e712bf525e7e4293f88ed46901c8ac
SHA1

c86d6f89fa426b41e1eaac558e7eb73ee90937e8
SHA256

9b7dc59cd0aad976bffd49b6016dcee0b96230e76fe9089a69e6e1e4248e35ab
SHA512

15b12b3e78c9a4ca4a72a80105bedecfafab5f7f76ec111bfc3d986983d4c0a934ec0dff2b09c02fd5f02c289eb7552338b44da3092a411516fefb71fdc84ef6
SSDEEP

192:5c4tKwtUCGB67NuBBQ6PRQkBpaHgPb3zlEZ:/ooUVwNuBBQARQkHaSjzlE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79e712bf525e7e4293f88ed46901c8ac

Files

79e712bf525e7e4293f88ed46901c8ac
.dll windows:4 windows x86 arch:x86

d38256db1b0471121ab4a18a8d6efc8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
lstrcatA
lstrlenA
VirtualProtect
CreateThread
CloseHandle
GetModuleFileNameA

user32

SetWindowsHookExA
KillTimer
SetTimer
wsprintfA
UnhookWindowsHookEx
CallNextHookEx

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostname

msvcrt

_adjust_fdiv
malloc
_initterm
free
strlen
strrchr
strstr

ntdll

_strlwr
_itoa

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 426B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ