bfba96b4393450c59b8028673b50b89bbdeadfff7dc19c6297b2bb3311b14769 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfba96b4393450c59b8028673b50b89bbdeadfff7dc19c6297b2bb3311b14769
Size

6.3MB
MD5

6d1944a08500cc61f94d415f144f9815
SHA1

2e3a4cdc1843ff73d1fa09f9443306003c0470de
SHA256

bfba96b4393450c59b8028673b50b89bbdeadfff7dc19c6297b2bb3311b14769
SHA512

6e6b3cbbceb7a070c3f62f1734165ec1016e36e9752826ab70b899d25cf6c7dc477edd2ef3c193127da1d92a68e777d3bf27623acdabc0917bee1e82608a1975
SSDEEP

98304:rFWGZrfFBECM1ahDuM4yb3NmJN1x/lDxGZcifE4h8fENX9zUWM:RWGZrf/T73Nmx/xIZcGEtfw9AV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfba96b4393450c59b8028673b50b89bbdeadfff7dc19c6297b2bb3311b14769

Files

bfba96b4393450c59b8028673b50b89bbdeadfff7dc19c6297b2bb3311b14769
.exe windows x64

84f15be88c645ca1c3ae64df14074896

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CopyFileA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

EmptyClipboard

advapi32

RegCreateKeyExA

Sections

.text
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

$TFWE0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

$TFWE1
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

$TFWE2
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ