b4bbdc1b3d888dc0b0ba4dac58ee8a1c | Triage

Sharing

General

Target

b4bbdc1b3d888dc0b0ba4dac58ee8a1c
Size

19KB
MD5

b4bbdc1b3d888dc0b0ba4dac58ee8a1c
SHA1

d88e8b36679ce137801c69bf00f544bc66c838e1
SHA256

bdcaf4d6c93b2332516634a21c0a9feba687b03ed28af6b1d651db581c6e9fe8
SHA512

f0166ad9060b40c9fb4162e2684462d5fd579321d3e0ef1a292598974e56c9c79f9eaa42a58da872ad7ee16c14597b65766579716760df637d11d460ae22bd6f
SSDEEP

192:AqlYQqPtrN7alaKFe1ifB07pQiu8Di+XxuBBQ6PRQkf2D48ZDix2DMohix6b:VOQqPf7aTFLWKiJxuBBQARQkfdxXwMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4bbdc1b3d888dc0b0ba4dac58ee8a1c

Files

b4bbdc1b3d888dc0b0ba4dac58ee8a1c
.dll windows:4 windows x86 arch:x86

8c3a2dfe3a1d7f2c90d231ebe9350ff6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strlen
RtlZeroMemory
strcpy
memcmp
memcpy

kernel32

VirtualAlloc
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
VirtualQueryEx
CloseHandle
CreateFileA
CreateThread
GetCurrentProcess
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
ReadProcessMemory
Sleep
TerminateProcess
VirtualProtectEx
VirtualFree

user32

GetWindowThreadProcessId
KillTimer
SetTimer
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowLongA
GetWindowTextA
EnumWindows
wsprintfA
CallNextHookEx
CallWindowProcA

ws2_32

send
gethostname

Exports

Exports

DescryptoData
ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ