16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D[.]exe | Triage

Sharing

General

Target

16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
Size

56KB
MD5

f6536f7fe9feef17adc493638395555b
SHA1

157307ead7905b1844dcc69458f0531e66b31fb6
SHA256

16f0f3dac1f5860d2d6ed940a3c20c070e22a913a847d7b0be0aa2e18181d599
SHA512

5313d816e2aba0c2f9a2627ed8f1a7507aec05d7f7089a51307743bb215b1fe15e1596699f3b092dc117a5fcf21772a38ce326be8c917ba9aa1fe2492df96da3
SSDEEP

1536:+tzqxvhrplLk9h8egJPfWunoGh4R17mZDLn845OUKMkQKFoNek+5UD:+T8N3WuoGh4KZDL1gmKF0ek+M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe

Files

16F0F3DAC1F5860D2D6ED940A3C20C070E22A913A847D.exe
.exe windows x86

1487c4c5076ffe9457791bd5690f2a3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memmove
_CIasin
_CIatan2
memcpy
strncpy
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
LoadLibraryA
GetProcAddress
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
HeapFree
ReadFile
HeapReAlloc
HeapAlloc

Sections

.code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ