5f39a50bb49cbee1e3cd191ca479ed748be0360fa157b836fd69cedb275c96fa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f39a50bb49cbee1e3cd191ca479ed748be0360fa157b836fd69cedb275c96fa
Size

816KB
MD5

0d216a34c9abac74b2342868f08240ce
SHA1

9bad26276bec9e34675960fe2300cc2fea8acc49
SHA256

5f39a50bb49cbee1e3cd191ca479ed748be0360fa157b836fd69cedb275c96fa
SHA512

784e6c0683362bd4d954e8d3c8103b8ff36ec3fff5660e32f9ef6eff2086d05068108743caa6a9c650ab08546a92c2a091c7a74486065c3336847b7c826a0d33
SSDEEP

24576:1FCccM1px+mtg9xOmMFjFR2RjN65yjtk7:1Rd1pU9L25R2Rhu

Score

N/A

Malware Config

Signatures

Files

5f39a50bb49cbee1e3cd191ca479ed748be0360fa157b836fd69cedb275c96fa
.exe windows x86

cd5ea5d2c586c7bbd1c8a0f526b43a60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetStartupInfoW
GetCurrentProcess
lstrcpynA
GetLocaleInfoW
FindNextVolumeW
lstrcpynA
lstrcpynA
GetFullPathNameA
lstrlenA
GetNumberFormatA
DeleteFileW
SetCurrentDirectoryA
lstrcpynA
TlsGetValue
GetModuleHandleA
GetPrivateProfileIntA
TlsAlloc
TlsAlloc
lstrcpynA
CreateEventA
FormatMessageA
GetModuleFileNameW

vssapi

VssFreeSnapshotProperties
IsVolumeSnapshotted
??0CVssWriter@@QAE@XZ
??1CVssWriter@@UAE@XZ

Sections

.text
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 797KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ