9b597daa8024816ad7b40685a4ea8691

General

Target

9b597daa8024816ad7b40685a4ea8691
Size

60KB
MD5

9b597daa8024816ad7b40685a4ea8691
SHA1

9ce93000271e5fa9389bb3907693dcd9ffa9f6e4
SHA256

3557a994507aa3cc11d932f881db1b1c19cf4d42bc794f7e71486fcb1c5390c3
SHA512

8ef80c87862d9ee53c5dfbef2db9a661e6ee342efeaaa91870235556bfb3a0cf8f0cb0739284d4e5fe9fd09437c393f2743bc6886bae31c0957a27f41a00f5e7
SSDEEP

768:Gm1l++vriB46MyD6RYTTeSlygMvcnjQPUjLZzoTmzhM6:Gm1ziB46MyuRYTTeLvqoTmq6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9b597daa8024816ad7b40685a4ea8691

Files

9b597daa8024816ad7b40685a4ea8691
.dll windows:4 windows x86 arch:x86

0fad9afa9cfcf8502fdf28e4bc9e7f21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileA
GetWindowsDirectoryA
GetModuleFileNameA
lstrcpyA
GetCurrentThreadId
TlsSetValue
DeleteFileA
WriteFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetLastError
VirtualProtect
FlushInstructionCache
GetCurrentProcess
GetProcAddress
LoadLibraryA
GetCommandLineA
GetVersion
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
HeapFree
SetStdHandle
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
TerminateProcess
FreeEnvironmentStringsW
FreeEnvironmentStringsA
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapReAlloc
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapAlloc
VirtualAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

wsock32

gethostbyaddr
WSAStartup
WSACleanup
socket
ioctlsocket
htons
connect
send
gethostbyname
recv

Exports

Exports

clearMyHook
decode
setMyHook

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JOE
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fad9afa9cfcf8502fdf28e4bc9e7f21

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 2.0MB

.JOE Size: 4KB - Virtual size: 4B

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 2.0MB

.JOE
Size: 4KB - Virtual size: 4B

.reloc
Size: 12KB - Virtual size: 8KB