0195b890472d045e15406a4f1c0008857901208f75c34638712f61055be82efbN | Triage

Sharing

General

Target

0195b890472d045e15406a4f1c0008857901208f75c34638712f61055be82efbN
Size

13KB
MD5

2d6bb9d8a7881562fbd3b47e1edff880
SHA1

c9ec3de7257d0f22690dbf76a80de4c86b406f93
SHA256

0195b890472d045e15406a4f1c0008857901208f75c34638712f61055be82efb
SHA512

2f3ad03d86410e53a8b677ea9348fed9e6882e8867c6fff260d4fde6ca24454b00ba0bf693916987b2e218b8eb0d122130d47bc7678ecd906356340bf0f85771
SSDEEP

192:z4p+9L04QYtTElLFnnY1VsRlo40pQ+dL+R3+rPK3c5Zq7:+mjT6dEVsrV+dHCd7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0195b890472d045e15406a4f1c0008857901208f75c34638712f61055be82efbN

Files

0195b890472d045e15406a4f1c0008857901208f75c34638712f61055be82efbN
.dll windows:4 windows x86 arch:x86

8f74cb168ecd1f2dc5b8db4799b0fab5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
VirtualProtect
Sleep
lstrcmpA
lstrcatA
lstrcmpiA
lstrcpyA
ExitProcess
lstrlenA
GetTickCount
lstrcpynA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
WritePrivateProfileStringA
GetTempPathA
ExpandEnvironmentStringsA
GetPrivateProfileStringA
GetModuleFileNameA
GetModuleHandleA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
CreateThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA

user32

SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
CallNextHookEx

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

Exports

Exports

Hookoff
Hookon

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ