b930dd58a9f9c404977e8def26f1a8ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b930dd58a9f9c404977e8def26f1a8ad
Size

17KB
MD5

b930dd58a9f9c404977e8def26f1a8ad
SHA1

4a68bf7e3d4ed6d4ffb52feaa5a637678a5afd59
SHA256

78ff5fb3ae5d264d91c6b97ad056609ad999c3157c6c76af0eb0b3c3f987ba2d
SHA512

490aac7375782db7a11cc4fba21d08bc16c9b0acd76e6d128bc01dc7383208ccce2db4657cfa10884bc54b5fcc9bc6db4df293beda2df987afc7ea5f1f11564f
SSDEEP

192:KTgMLGtTVUsxEKXEzKk1DuBBQ6PRQknh2tQGPA4J+2:SgXLdXEz3RuBBQARQkctQin

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b930dd58a9f9c404977e8def26f1a8ad

Files

b930dd58a9f9c404977e8def26f1a8ad
.dll windows:4 windows x86 arch:x86

547a4364bb2eb6c33a946992f677660e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

sscanf
atoi
strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

lstrcatA
ReadProcessMemory
OpenProcess
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
EnterCriticalSection
DeleteCriticalSection
IsBadReadPtr
lstrcpyA
lstrcmpiA
WaitForSingleObject
TerminateThread
CloseHandle
CreateFileA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
CreateThread
lstrlenA
Sleep

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
GetWindowTextA
GetWindowThreadProcessId

Exports

Exports

ServiceRouteEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ