ccc6dbd6fc22f3d6ed787fb1d80db3d5 | Triage

Sharing

General

Target

ccc6dbd6fc22f3d6ed787fb1d80db3d5
Size

17KB
MD5

ccc6dbd6fc22f3d6ed787fb1d80db3d5
SHA1

06561b99b2ba55cde48dbe032c2f386191cb612c
SHA256

e9917f4bfc85782c3229cb0bb4f830ce7ec113ed1abf46e9204a0143a1491bf7
SHA512

fc7eff32edf697106eb87d2253250dce4c089b3c373d949d59fcbf2ff84ee864d7b46902777a14594e0b0a340444bd6162dba50ced33240855b7d2ec11d6752c
SSDEEP

192:ih5wMMWXPoZrEpN4uPgC1nunNk5OuBBQ6PRQkDSpkvGkCS3LsA:iTwcXwOpN4EHu+5OuBBQARQkD1GkCS3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccc6dbd6fc22f3d6ed787fb1d80db3d5

Files

ccc6dbd6fc22f3d6ed787fb1d80db3d5
.dll windows:4 windows x86 arch:x86

87638ed08dd32292ebaa17a53b0c574d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

closesocket
gethostname

kernel32

CreateThread
WritePrivateProfileStringA
WaitForSingleObject
TerminateThread
SystemTimeToFileTime
Sleep
LeaveCriticalSection
InitializeCriticalSection
GetSystemDirectoryA
GetPrivateProfileIntA
IsBadReadPtr
lstrcpynA
lstrcpyA
CloseHandle
CreateFileA
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
VirtualProtectEx
lstrcatA
lstrlenA
GetLocalTime
DeleteCriticalSection
EnterCriticalSection
ExitProcess
lstrcmpiA

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
KillTimer
GetKeyboardState
MapVirtualKeyA
SetTimer
ToAscii

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ