981a536254bb0b373acd05a1e7866348 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

981a536254bb0b373acd05a1e7866348
Size

17KB
MD5

981a536254bb0b373acd05a1e7866348
SHA1

4cba359273b5a238978d294f340769a395f0def4
SHA256

b54327d3b182bc525348305b572a0cf603fc126e9bedbe400dae605d1093afb4
SHA512

67268a7ccb45a353a838e307b30f901a891fa5749063831046d7cdb8a6d495e1afa613c3aaaff19148d2a1d7702774eef3c95118bded7f405a46c35fa7ff8134
SSDEEP

384:RCQFMX/Rq4wvmMNuBBQARQkObKtiSb+H:Y3/Rq4wvmMgBBQARQkObdSb+H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
981a536254bb0b373acd05a1e7866348

Files

981a536254bb0b373acd05a1e7866348
.dll windows:4 windows x86 arch:x86

be567510fee741590a5a9a983ffa7ccb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory
RtlUnwind

ws2_32

closesocket
gethostname

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle

kernel32

GlobalAlloc
VirtualProtectEx
VirtualFree
VirtualAlloc
ReadFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
Sleep
IsBadReadPtr
CreateThread
lstrlenA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
GlobalFree
lstrcatA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ