bef20778f359c939ca2475a293cc45c1 | Triage

Sharing

General

Target

bef20778f359c939ca2475a293cc45c1
Size

5KB
MD5

bef20778f359c939ca2475a293cc45c1
SHA1

d93484bb92a62028efe43ed71a4d74b20bc4c70d
SHA256

09fddc3e35e185b24ab6156138dafc47269b8a79741f6d0ebb76c36dc678be51
SHA512

016a185d2333115320ecacc49d7495449245d23a343b83e423c074e102911779e4c104722e5ee9659afed3cc0e68e8c6ce76dbdb2b3c88853a25e07f6499fe61
SSDEEP

96:szpXPbWaWrGiVi7+x7wa8cEDafhAumjjj:szZPKaYri6NX8cEygjn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bef20778f359c939ca2475a293cc45c1

Files

bef20778f359c939ca2475a293cc45c1
.dll windows:4 windows x86 arch:x86

6fb6317c2bb4ca85ef05cd3ff8d955e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetCurrentProcess
CreateThread
VirtualProtectEx
GetModuleFileNameA

user32

FindWindowA
UnhookWindowsHookEx
CallNextHookEx
SendMessageA
IsWindowVisible
GetClassNameA
SetWindowsHookExA
FindWindowExA
EnumChildWindows

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

msvcrt

malloc
_initterm
free
memcpy
??3@YAXPAX@Z
strcmp
_adjust_fdiv
_stricmp
strlen
??2@YAPAXI@Z
sprintf
strcpy
strrchr

Exports

Exports

fa
fb

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ