cacf1ddda4d8e1a220e0edce132e4ded | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cacf1ddda4d8e1a220e0edce132e4ded
Size

17KB
MD5

cacf1ddda4d8e1a220e0edce132e4ded
SHA1

54491a0838e2eb2edcd0940a2018fb6261284c24
SHA256

eac4772b83db179faab20ee0ad676dd05dff67c79e29b6b62cda7ffceb9ca3e0
SHA512

0381d49958a26f35ae707a50cca2106cefed1705463ea40404654b30bc8c8d100f3585b6e80565d11a0005407e007f786c341213b69d9b5a3e95a217ea79e0f2
SSDEEP

192:C8RFbyBrGv9OQMJcS/NmXITPd7k71SwGRfsDWSd7psTuBBQ6PRQkjJFQE9mh:CyF2Mv8QIJW781SteTuBBQARQklFQE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cacf1ddda4d8e1a220e0edce132e4ded

Files

cacf1ddda4d8e1a220e0edce132e4ded
.dll windows:4 windows x86 arch:x86

3c73ebc635da089ea12bbcc065add22a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostname
closesocket

ntdll

RtlZeroMemory
memcmp
memcpy
strlen
strstr

kernel32

VirtualProtectEx
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileStringA
GetLocalTime
WritePrivateProfileStringA
GetCommandLineA
lstrcpyA
lstrcmpiA
lstrcmpA
WaitForSingleObject
TerminateThread
Sleep
OutputDebugStringA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
EnterCriticalSection
lstrcatA
lstrlenA
CreateThread
DeleteCriticalSection
LeaveCriticalSection

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteExA
StartServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ