615474ca78ff50fc7c729ff06c835b293adaa6cc91aab6bf4707902084b79c58 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

615474ca78ff50fc7c729ff06c835b293adaa6cc91aab6bf4707902084b79c58
Size

303KB
MD5

33d03f22e44fd411cae702fad12f6220
SHA1

9b55668620da70b1b021409d5cc8309684ed333c
SHA256

615474ca78ff50fc7c729ff06c835b293adaa6cc91aab6bf4707902084b79c58
SHA512

d89ddee17e50e8dabfdbd292b76ce9c78cb285a355614dca77506d62144d8506bc549da40733f7d47925c279ec1215ec8bedb5503e3b0f8c515cf7fdbda07fdd
SSDEEP

6144:UZqtgLnIH1tqTPNZ8AgIGhOAvXCdRsTX2crFv5Ipi//iSa0JUIFmN+ZK:gqtg20PNZ8AB53deTn/6i//na0JBFmQE

Score

N/A

Malware Config

Signatures

Files

615474ca78ff50fc7c729ff06c835b293adaa6cc91aab6bf4707902084b79c58
.exe windows x86

96435b10343d1bc49fa13bb8abf5ab81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
ExitProcess
LoadLibraryA
WaitForSingleObject
Sleep
FindResourceW
WriteFileEx
CreateDirectoryA
lstrcpyW
Sleep
InterlockedDecrement
GetPrivateProfileSectionA
Sleep
VirtualAllocEx
GetPrivateProfileIntA
GetDiskFreeSpaceW
SetEnvironmentVariableA
GetLongPathNameA
GetFileAttributesA
GetDiskFreeSpaceW
GetExitCodeProcess
InterlockedIncrement
lstrcmpA

apphelp

ApphelpCheckExe
AllowPermLayer
ApphelpCheckIME
SdbCreateMsiTransformFile

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rss
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ