8f8897ab2523e4e2b67dc281e0a0e768 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8f8897ab2523e4e2b67dc281e0a0e768
Size

32KB
MD5

8f8897ab2523e4e2b67dc281e0a0e768
SHA1

2b37737f8b1c6a02362b4f0c928bbc74c0e5975f
SHA256

ad18b7bd55b008206ec57d55786e23b6d490785c8cf90bf16cf2a3f9ee1bb806
SHA512

007523571f788d46dd8f1d92cd41053b7794340c8baec4efcdb08ee610e271f185fabcfb2be4f0fb8f703dadd2ee12cf3af592e3f5fe6d1aeb2cef16728b2014
SSDEEP

768:YaN7FhM32IQWjapUNPgPvQmJWrP2pu0XslYERD:nprQ0W1nBR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f8897ab2523e4e2b67dc281e0a0e768

Files

8f8897ab2523e4e2b67dc281e0a0e768
.dll windows:4 windows x86 arch:x86

efb9cd33414feee957f33def24ce344c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs
closesocket

msvcrt

_strupr
_adjust_fdiv
malloc
_initterm
free
strchr
memcmp
atoi
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
fopen
fread
fclose
fwrite
time
memset
_strlwr
_itoa

kernel32

WriteProcessMemory
CreateEventA
GetModuleHandleA
Sleep
CreateThread
lstrlenA
LoadLibraryA
CopyFileA
GetProcAddress
GetModuleFileNameA
GetTempPathA
SetEvent
WaitForSingleObject
IsBadReadPtr
lstrcpyA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ