681c638ba54f3e9aab39cb05a21cedb3b4000ea7a1750d160385c115a9163b89 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

681c638ba54f3e9aab39cb05a21cedb3b4000ea7a1750d160385c115a9163b89
Size

119KB
MD5

0f5da49b396182c950780f1bba86c20f
SHA1

4b7933c0d2bb591d77a73e7de2279e2d1c852f64
SHA256

681c638ba54f3e9aab39cb05a21cedb3b4000ea7a1750d160385c115a9163b89
SHA512

d2885d5e4eb2470c6a2b10749e381a3a20a23a7d0d83dd968c82b2166e7c16c9003e94f7545980fcc3d208f9b0e55467b1a231d49db86bacac704b77ff3695a1
SSDEEP

1536:naN/t/RrYnpowRL0a1LvhkJxiFs5pc8YaEJwZK4/83ZoMOAtpstLVPF8:aP/VTkL0a1jhkbp5phZEXtpxtELVN8

Score

N/A

Malware Config

Signatures

Files

681c638ba54f3e9aab39cb05a21cedb3b4000ea7a1750d160385c115a9163b89
.exe windows x86

c6bfd6c6106e2b1320f9939805ecd614

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetInformationJobObject
NlsConvertIntegerToString
VirtualProtectEx
ConvertThreadToFiber
VirtualProtect
GetEnvironmentStrings
IsDBCSLeadByteEx
GetHandleInformation
FindFirstVolumeMountPointA
CreateVirtualBuffer

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.krdata
Size: 63KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE