c40aef76632d98653d0ece6564ffb8ce | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c40aef76632d98653d0ece6564ffb8ce
Size

17KB
MD5

c40aef76632d98653d0ece6564ffb8ce
SHA1

5f9852d797e5c08514307c0d3111478aa66e38a0
SHA256

4fa8db7bf7cc78cbfa3bc9832fbfb0dd74bcf5ef495ffc252c895973662525d0
SHA512

400d277054f685bc6293409ba3b8dade14e31b02732fca5e86eff8abc7d5f878d2918626bf840ea3b4acd22beca6342af12d73ac651eb47c8357aca0347530b6
SSDEEP

192:97R79GB9f+ZNsrV+6LierzJ/qL6o51HfuBBQ6PRQkQ76fd34RBMa:FRkB9WftKZqbTfuBBQARQkqMdoRBMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c40aef76632d98653d0ece6564ffb8ce

Files

c40aef76632d98653d0ece6564ffb8ce
.dll windows:4 windows x86 arch:x86

c14f93a7726e883375f21d54415029fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
closesocket

ntdll

memcpy
memcmp
strlen
_strupr
strstr
RtlZeroMemory

kernel32

lstrcatA
TerminateThread
Sleep
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
GetCurrentProcessId
EnterCriticalSection
DeleteCriticalSection
lstrcmpA
lstrcpyA
lstrcmpiA
WritePrivateProfileStringA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
CreateThread
lstrlenA
WaitForSingleObject

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
EnumWindows
GetWindowTextA
GetWindowThreadProcessId
KillTimer
SetTimer

Exports

Exports

ServiceRouteExA
StartServiceEx
StopServiceEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ