de4d0c01c595ef12b8a52c36ddd09b117feda0c02e3059deb74009d33ab4193f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de4d0c01c595ef12b8a52c36ddd09b117feda0c02e3059deb74009d33ab4193f
Size

28KB
MD5

a64878883faeb37d3522dfa99b59e422
SHA1

5b389460a4f729c972d978e49872729acf692829
SHA256

de4d0c01c595ef12b8a52c36ddd09b117feda0c02e3059deb74009d33ab4193f
SHA512

e5d8398c801e78b9884e5dd5656bc150648fb7a882482ef44b5ba24f687bc9a535867266bbb35ad24c0f55fbc2f7348c8b5efcf6b3279a4df4e8152ea2ca1c2a
SSDEEP

48:qDGnLLPizDi0vljs5uWrN0vAUWnm0Q1uM5vCX9EXjyJD5C96j5uhooMGRl4:lHuDi0vJsbUfumaOXjiDa61uhoGRm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de4d0c01c595ef12b8a52c36ddd09b117feda0c02e3059deb74009d33ab4193f

Files

de4d0c01c595ef12b8a52c36ddd09b117feda0c02e3059deb74009d33ab4193f
.dll windows:4 windows x86 arch:x86

a3989eb3e4121f56617ad00e9ad7f3be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA

crmem32

ord37
ord149
ord2
ord126
ord3

ws2_32

WSACleanup
socket
WSAStartup
ntohs
recvfrom
sendto
setsockopt
htons
inet_addr
bind
closesocket
getsockopt

msvcrt

time
memcpy
sprintf
memset
_stricmp

Exports

Exports

_ntop_bind
_ntop_enable
_ntop_hasconnections
_ntop_inject
_ntop_recvfrom
flowexp_recvfrom
sock_open

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 827B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 357B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ