c597b29ce0188fbde5dce681a10d15bfc61b6c94efa78aa8910057f70915590a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c597b29ce0188fbde5dce681a10d15bfc61b6c94efa78aa8910057f70915590a
Size

304KB
MD5

2fe58f3bde8a5acc669dfb9c3e7f2e00
SHA1

9392a11e13baad3f1f49ab296d5f2745f7816849
SHA256

c597b29ce0188fbde5dce681a10d15bfc61b6c94efa78aa8910057f70915590a
SHA512

9dd7455355b82f274b3e478895de170ae6cdca3e8f6ef0e04726677051eff84bf686fa3a16b1bae1f18b206639d3fa8b9b8cfb7a7f8e58d5c9a37ccdc8c913d3
SSDEEP

6144:Cqtgr8x+8RWmLz+dV1BUHUUss7F5o9/vypihQwq9F6sCR:Cqtgl8RWmLz+VBpU95oRgLvF6d

Score

N/A

Malware Config

Signatures

Files

c597b29ce0188fbde5dce681a10d15bfc61b6c94efa78aa8910057f70915590a
.exe windows x86

0a654c40792a715ad279f32c09fd980e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
Sleep
Sleep
lstrcpyW
InterlockedDecrement
GetExitCodeProcess
InterlockedIncrement
SetEnvironmentVariableA
WaitForSingleObject
Sleep
CreateDirectoryA
GetPrivateProfileSectionA
FindResourceW
LoadLibraryExA
WriteFileEx
lstrcmpA
GetPrivateProfileIntA
GetDiskFreeSpaceW
GetLongPathNameW
GetDiskFreeSpaceW
LoadLibraryA
GetFileAttributesA
GetPrivateProfileIntA

apphelp

AllowPermLayer
ApphelpCheckExe
SdbDeletePermLayerKeys
ApphelpCheckIME

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rss
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ