addfe2cd660b90b125dc23dd1e62a4c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

addfe2cd660b90b125dc23dd1e62a4c5
Size

44KB
MD5

addfe2cd660b90b125dc23dd1e62a4c5
SHA1

fc69bac1cad2a36141d1088ccd2efe197623ce2e
SHA256

f8dab3287fdacb2c7a9239c576680d346129a3ce6b5df62fb15953aae06c72fe
SHA512

76e1547b91b9f8e264065173f3de921404e9cf95ceecf2c4b5aade297a9d16ca620ccdce5e8418805d5dcf19bd485cbcd291d0900b323e6df3df8bb02c81867b
SSDEEP

768:cNb1OMa9/Vq4KRLSAzz7Dq22oTRJwNH8+DBwNwJ+ZC/tY:UOMaxVSLlz7xVyl1DJWI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
addfe2cd660b90b125dc23dd1e62a4c5

Files

addfe2cd660b90b125dc23dd1e62a4c5
.dll windows:1 windows x86 arch:x86

e041c95aadc873e8c64d630a2abb5b0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

GetUserNameA

kernel32

CloseHandle
CreateFileA
CreateRemoteThread
CreateThread
DeleteFileA
GetFileSize
GetLocalTime
GetProcAddress
GetTempPathA
GlobalAlloc
GlobalFree
LoadLibraryA
OpenProcess
ReadFile
SetCurrentDirectoryA
SetFilePointer
Sleep
VirtualAllocEx
WinExec
WriteFile
WriteProcessMemory

user32

CallNextHookEx
FindWindowA
GetForegroundWindow
GetKeyboardState
GetWindowTextA
GetWindowThreadProcessId
MessageBoxA
SetWindowsHookExA
ToAscii
wsprintfA

wsock32

WSACleanup
WSAStartup
closesocket
connect
htons
inet_addr
recv
send
socket

wininet

InternetGetConnectedState

Exports

Exports

myshit
sendm

Sections

500mhz
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

500mhz
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE