cded63dffeb57e84fc8f394a2908ad30 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cded63dffeb57e84fc8f394a2908ad30
Size

13KB
MD5

cded63dffeb57e84fc8f394a2908ad30
SHA1

1c2d20a6df5514456bb5e68f9e7c0344fe5fd5dc
SHA256

ec625743781d492810c1dee4e1831efa75f59cd5cad7a9336e3381287ca62aae
SHA512

c19e3528e8211434cb958c144bb28b35163b9ef2200cb416517687e43ba112ce8bef5f4cd8df289e55db90a6e90facdfe37c06915b67a34e1430bbaa4eaf4d3b
SSDEEP

192:G76sWNBbGXkvnqxK+MqHqWuBBQ6PRQkNmAIiUWfer3:46BNIXx5M1WuBBQARQkHIiUmU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cded63dffeb57e84fc8f394a2908ad30

Files

cded63dffeb57e84fc8f394a2908ad30
.dll windows:4 windows x86 arch:x86

76f53cb8d94d029997b2d1e7b97d8e74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strstr
strlen
memcpy
memcmp
RtlZeroMemory

ws2_32

gethostname

kernel32

GlobalAlloc
VirtualProtectEx
ReadFile
LoadLibraryA
GlobalFree
lstrcmpA
IsBadReadPtr
lstrcpynA
lstrcpyA
lstrcmpiA
lstrlenA
CloseHandle
CreateFileA
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
lstrcatA

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA

Exports

Exports

ServiceRouteEx
StartServiceEx
StopServiceEx

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ