faf1ebc7a392e8306722f1e2164baecf7d5c7be7ae5344f092c35562034aa7a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faf1ebc7a392e8306722f1e2164baecf7d5c7be7ae5344f092c35562034aa7a8
Size

77KB
MD5

06fbc2b51697fdeb0414aaf671f84f32
SHA1

dc4cee30de06aec96ef3599f630ef9790644735e
SHA256

faf1ebc7a392e8306722f1e2164baecf7d5c7be7ae5344f092c35562034aa7a8
SHA512

29e63e214bb20fd8699c4bcbf87b743bd6627a9d335ebe33bc7c499ca6ceb1d5e87638df6eae9ca6ab5141b81df5b2f3ec73b8b92064e6997a5a87ae01b90af7
SSDEEP

1536:9NNbLLLLL6LLVtBswbVA7Si9uTQbPbGPjMBt7P4Xmj7FF5SRi9ZUFXm0glBy1:9N+tBfbV493aM8M7Ei/0q6

Score

N/A

Malware Config

Signatures

Files

faf1ebc7a392e8306722f1e2164baecf7d5c7be7ae5344f092c35562034aa7a8
.exe windows x86

eb87057ccbe8e0d70c8eabe6f9a6c7ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
RtlMoveMemory
GetCommandLineA
Sleep
GetModuleHandleA
GetFileAttributesW
DuplicateHandle
lstrcatA
GetThreadLocale
GetTempPathA
LoadResource
IsValidCodePage
GetExitCodeProcess
GetCommandLineW
DeleteFileA
GetLocaleInfoW
VirtualProtect
IsBadCodePtr
GetDateFormatA
GetProcAddress
GetVersionExA
SizeofResource
SetStdHandle
GetLocalTime
WriteConsoleA

msvcrt

_XcptFilter
_controlfp
__set_app_type
_adjust_fdiv
__getmainargs
_initterm
_except_handler3
__p__commode
_exit
__p___initenv
__p__fmode

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ