baae323acd032e2855e4017c824e82e6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

baae323acd032e2855e4017c824e82e6
Size

36KB
MD5

baae323acd032e2855e4017c824e82e6
SHA1

ba1abaa79e2abd5e6c5c9ff8cf9762f0be4bb42f
SHA256

c6fbf435140dac5245464c14d87f8c409801e221a2caf15d56a4a46a1908b143
SHA512

7cfd975b959ab635038f9015130a80c7ed12005b8fe9a7de5f830ee374cb3670c89b9a90af8714dc1f29c949c28e921901af95cb2d3f496d4478ec444e51a0be
SSDEEP

384:PCVVEAmVRo26mvtPDsaaA2XBtmqKnt4zId5GtHjGw26Gdq:KVSAmjomvtPDs3Ct4Nt6h6G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baae323acd032e2855e4017c824e82e6

Files

baae323acd032e2855e4017c824e82e6
.dll windows:4 windows x86 arch:x86

c2a3eb0e0549a4bfb79220b32ea30ea2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetPrivateProfileStringA
GetTempPathA
GetModuleHandleA
Sleep
VirtualAlloc
OpenProcess
Process32Next
GetCurrentProcessId
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetProcAddress
LoadLibraryA
TerminateProcess
GetCurrentProcess
GetTickCount
WritePrivateProfileStringA
WinExec
ExitThread
CreateThread
ReleaseMutex
GetLastError
CreateMutexA
VirtualFree
GlobalAlloc
GlobalFree
GetVersionExA
IsBadWritePtr
IsBadReadPtr
GetModuleFileNameA

user32

CallNextHookEx
SetWindowsHookExA

ws2_32

closesocket
WSACleanup
setsockopt
connect
recv
gethostname
gethostbyname
inet_ntoa
inet_addr
socket
htons
send
WSAStartup

psapi

GetModuleBaseNameA

msvcrt

free
_initterm
_adjust_fdiv
sprintf
strstr
_snprintf
malloc
_strlwr

netapi32

Netbios

Exports

Exports

SetHook

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ