df29bdef141ad03484d8fb82ea58e2a4 | Triage

Sharing

General

Target

df29bdef141ad03484d8fb82ea58e2a4
Size

28KB
MD5

df29bdef141ad03484d8fb82ea58e2a4
SHA1

69be07931464d63f738c46e0f8cc7819e1b641bd
SHA256

3a8a0a56b7dbdd91d1935c0a13ffe97ad5563ddf6178cca99db7f330d07aebb2
SHA512

9d3199a84102ff952f781a109cefaef6b439f6535c294e880abd532f59bd284d65e3a4aef67e8ef2df6a97245f8bb974f7cad52731e1251bc496e62d61881000
SSDEEP

192:TwkWJX5gLrzg+szNdwVzEVcb7XJr0Fx0Ze2qb:TwkWHg3zzI3URh9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df29bdef141ad03484d8fb82ea58e2a4

Files

df29bdef141ad03484d8fb82ea58e2a4
.dll windows:4 windows x86 arch:x86

0815cdbf8dc115dddbf78e419dc27759

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1158
ord2818
ord858
ord4278
ord860
ord2764
ord540
ord800
ord537
ord939

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
__CxxFrameHandler

kernel32

CreateThread
OpenProcess
GetCurrentProcessId
GetModuleFileNameA
Sleep
ReadProcessMemory
CloseHandle

user32

UnhookWindowsHookEx
DispatchMessageA
TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx

ws2_32

recv
closesocket
send
connect
htons
socket
gethostbyname
WSAStartup

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ