7fc241e241bf485d0eaad59246326a28 | Triage

Sharing

General

Target

7fc241e241bf485d0eaad59246326a28
Size

16KB
MD5

7fc241e241bf485d0eaad59246326a28
SHA1

afaa3c0a9e87e1d01d6506d4ec7ede499463b557
SHA256

f8e5b921ad3c2cedcc3e01d33ddaa68ac47c208c1192ae23a2202b684945725b
SHA512

8e0421af34e38537483780838c48ed86ecda4a4e1d92a6030fe28ca8499dfafee31e5c16afbc71f4ad2f4090123bf2c8c7ddd4dfbaa2587c20181a408a11ad97
SSDEEP

192:dY98n2SL7GPDPOtN9ujaVR6nBeH7yp5N8uuBBQ6PRQke4HgJ1i7jhW1ryW:Zn2bPq/RkgIv8uuBBQARQk3HgJ6Wt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fc241e241bf485d0eaad59246326a28

Files

7fc241e241bf485d0eaad59246326a28
.dll windows:4 windows x86 arch:x86

84e9fbb724c233f01a5e200d2bf1b381

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_strupr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

GlobalFree
GetPrivateProfileStringA
CreateThread
lstrlenA
lstrcatA
WritePrivateProfileStringA
ExitProcess
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
Sleep
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
VirtualProtectEx
LoadLibraryA
ReadFile
GetSystemDirectoryA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ