5046ade71e3651a10bc0a76df8cdda0d6feda16eab54ff45031c5364167e7bc3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5046ade71e3651a10bc0a76df8cdda0d6feda16eab54ff45031c5364167e7bc3
Size

3.3MB
MD5

21a903ffa241ff6aa573790c8f08b7d7
SHA1

654e4690b58a309664514c4c6b7ed84d13f76d41
SHA256

5046ade71e3651a10bc0a76df8cdda0d6feda16eab54ff45031c5364167e7bc3
SHA512

1ca2af8ec65ebdbc93770ec535fb4d40423d167be87effb6c0a3f22c775f8cb7e5bd3ca7b59ae6e2b27af2b453e985102ebc634b8b58e1c586cbe78cdab64d95
SSDEEP

49152:99pO02pBJaKBVi+S691NkbvmZ2Crxqdd2nhdL3HDhgfAS9Eku7oq33TTsQUC2q3n:9WAvmZlkdd2rmFuXsQUbUp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5046ade71e3651a10bc0a76df8cdda0d6feda16eab54ff45031c5364167e7bc3

Files

5046ade71e3651a10bc0a76df8cdda0d6feda16eab54ff45031c5364167e7bc3
.exe windows x64

f2beeb43b97c2a6713116d80c1b9b3c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

freeaddrinfo
shutdown
closesocket
WSACleanup
getaddrinfo
WSAStartup
send
socket
connect
recv

kernel32

GetComputerNameA
GlobalUnlock
CreateDirectoryA
WinExec
GlobalLock
GetProcAddress
GetModuleFileNameA
lstrlenA
GetVolumeInformationA
GetModuleHandleA
Sleep
CopyFileA
GetFileAttributesA
GlobalSize
GlobalAlloc

user32

CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard

advapi32

RegCloseKey
RegCreateKeyExA
GetUserNameA
RegSetValueExA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.J8N
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ