7ccfa013137edf633207e0dada1356fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ccfa013137edf633207e0dada1356fb
Size

19KB
MD5

7ccfa013137edf633207e0dada1356fb
SHA1

c0e251d5a99f8de5cde865266d0592c0cfce89f4
SHA256

cbf844cf949b3dab3b6f81dab72c9355b6889e88a2b6a97232a013657259d2a6
SHA512

390f449b633135bfc6352fcdbb85b94492105823cef9f1a5ea2e59619100612573f6fb856d9730f1cb9e9f63cc6aa868bc27805dfedcc1dd986dafa674ea7873
SSDEEP

384:pAE6khqqsTLmIajOrQjqDduBBQARQkRPy40cwVm2:pLhqpTqIahjWQBBQARQktzsVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ccfa013137edf633207e0dada1356fb

Files

7ccfa013137edf633207e0dada1356fb
.dll windows:4 windows x86 arch:x86

6b18adff80a920e134d15c91a95777b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

ReadFile
Sleep
IsBadReadPtr
GetSystemDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
CreateThread
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
WaitForSingleObject
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
ExitProcess
VirtualProtectEx
lstrcatA
lstrlenA
TerminateThread

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
SetTimer
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ