7fee5fe8b926dc54f620c04db488dda1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7fee5fe8b926dc54f620c04db488dda1
Size

21KB
MD5

7fee5fe8b926dc54f620c04db488dda1
SHA1

0ceb244fb14bfaacbc7ba8233657c1851e432644
SHA256

514a884efd84ec070c7dc2bbdd67f7f0b6e818a9ced139b23dad6fec388a6ef3
SHA512

6ef7707107d9fd13d9f1a6adfccf09b8bde8df1d3c00bc9786baddd88fe3428e38d3c5731819add5365c927f6683242793215dc9bb138554050e31983fde0735
SSDEEP

384:4wAb7PcuanxWe50NGmYTf5z2M1LkpZz+4/34GPY1/xj1YEFEv:VoOGGfzlGxH3pYRvYI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7fee5fe8b926dc54f620c04db488dda1

Files

7fee5fe8b926dc54f620c04db488dda1
.dll windows:4 windows x86 arch:x86

4b9a5b8a4a729cc18fb71bb5a33f60a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSACleanup
WSAStartup
recv
closesocket
send
gethostbyname
htons
socket
connect

kernel32

CreateFileA
OpenEventA
SetEvent
VirtualQuery
GetModuleFileNameA
CreateEventA
lstrcatA
lstrlenA
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
Sleep
GlobalFree
GlobalAlloc
lstrcmpA
DeleteFileA
GetTempFileNameA
CloseHandle
WriteFile
RtlUnwind
LoadLibraryA
CreateProcessA
GetLastError
GetTickCount
FindClose
FindFirstFileA
FindNextFileA
MoveFileA
SetFileTime
ExitProcess
CreateThread

user32

SetWindowsHookExA
CallNextHookEx
SendMessageA
CharLowerA
wsprintfA

advapi32

RegCreateKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

Activate

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ