518ce32380161dee5ae7bbfdcd6b4ce0155392731ed5d91a0f3469497137c3e9 | Triage

Sharing

General

Target

518ce32380161dee5ae7bbfdcd6b4ce0155392731ed5d91a0f3469497137c3e9
Size

18KB
MD5

24b67abab2c584c488f955e260a76ce8
SHA1

bd21ec155dd40e1f4652248465dabaece60947da
SHA256

518ce32380161dee5ae7bbfdcd6b4ce0155392731ed5d91a0f3469497137c3e9
SHA512

b8294e21d7d1e98c97b7e71b700a18c9196a994e078e9d19e1a8b090eefe93332d598d75dd7ed329997cee92ae6ef7b3716c88fa1829d937d8c7c1ccf2ce29dd
SSDEEP

384:EUBHo7xX9iGgOa7Pfp+/BRiBZWG5VL3ArCQBC+k7OUXiTPZNKI:EB7TiGgH7PR8BnKVL3t+k7DX+PZt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
518ce32380161dee5ae7bbfdcd6b4ce0155392731ed5d91a0f3469497137c3e9

Files

518ce32380161dee5ae7bbfdcd6b4ce0155392731ed5d91a0f3469497137c3e9
.dll windows:4 windows x86 arch:x86

fedfc33dcac1807d8e26bf3a6cf34097

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
SetThreadPriority
CreateThread
GetModuleFileNameA
DisableThreadLibraryCalls
EnterCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
CompareStringW
CreateProcessA
WriteFile
GetTempPathA
GetLocalTime
VirtualAlloc
VirtualFree
DeleteFileA
Sleep
CreateFileA
GetLastError
CloseHandle
LoadLibraryA
DebugBreakProcess
GetProcAddress

user32

GetDC
GetCursor

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA

gdi32

GetPixel

advapi32

OpenSCManagerA
CloseServiceHandle
ControlService
OpenServiceA
DeleteService

msvcrt

_except_handler3
sprintf
memcpy
strcat
strcpy
strrchr
strlen
memset

Exports

Exports

DriverProc
modMessage
modmCallback

Sections

uThy72d
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ