487708fa179d197243420aee62fc4401b1964ca3ef8ac1cee330a1882cad87e9 | Triage

Sharing

General

Target

487708fa179d197243420aee62fc4401b1964ca3ef8ac1cee330a1882cad87e9
Size

24KB
MD5

01fba9f63b168d880b2c069db312c26b
SHA1

19fb6f16430b819996d3575b8c981014c7bf2f1c
SHA256

487708fa179d197243420aee62fc4401b1964ca3ef8ac1cee330a1882cad87e9
SHA512

74b060137195da9961bf387ff898b0fde0adbfc649266b742bfa4cb4219a25ad96e35cb68ebb4b8eadbd5e511ce5433bd2f777a237df28aa5309cb03af31e846
SSDEEP

96:ot8Bls2xGJCsqUUisGxp93snBBb3U3fZZu4J6SMscqRRiqf9g+eR4iN80x:48BGk6CEZrKnBBovCTFD0R5gh+2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
487708fa179d197243420aee62fc4401b1964ca3ef8ac1cee330a1882cad87e9

Files

487708fa179d197243420aee62fc4401b1964ca3ef8ac1cee330a1882cad87e9
.dll windows x86

04f0000b8a7f8b810a6c09d1443f44dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
RtlMoveMemory
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
FreeLibrary
GetProcAddress
LoadLibraryA

ws2_32

connect

msvcrt

atoi
strchr

user32

wsprintfA
MessageBoxA

Exports

Exports

s

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 587B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ