8fe6649d6aa158eac2a002f76cfbfa71 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8fe6649d6aa158eac2a002f76cfbfa71
Size

24KB
MD5

8fe6649d6aa158eac2a002f76cfbfa71
SHA1

8662824df2f6ca91a786cc66ab1612bf7a362826
SHA256

880f037892c762b71f97f2f2623bd84db7577ce828e1c53a6a83b7e6a0e5ef15
SHA512

3d5901b9e1492e0d138f531cae1c9cbe57a2a214db33b42cd9cdc3a234f489f4f538dfba369c993f70a31db95f3ed2596c472cce8f16b21f6ae76c0cbc62d59b
SSDEEP

96:ohacC1GXJKc7LejCZRvsQnQ6PRQ0bPRbph6/V2RIqvBnkD5uNvaq3hH:oRgjuBBQ6PRQkJbpM/sJnL5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fe6649d6aa158eac2a002f76cfbfa71

Files

8fe6649d6aa158eac2a002f76cfbfa71
.dll windows:4 windows x86 arch:x86

88bb78e04c73fa4a456be8575a02ab10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
CloseHandle
GetCurrentDirectoryA
GetModuleFileNameA
CreateThread
Sleep
GetPrivateProfileStringA
lstrlenA
lstrcatA

user32

SetTimer
SetWindowsHookExA
CallNextHookEx
KillTimer
UnhookWindowsHookEx
wsprintfA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

ws2_32

gethostname

msvcrt

malloc
_initterm
free
strrchr
_adjust_fdiv
atoi
strcpy
memcpy
memset
strlen
strcmp
strcat

ntdll

_strlwr

Exports

Exports

StartServiceEx
StopServiceEx
_ServiceRouteEx@12

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ