med_tanque[.]exe

General

Target

med_tanque.exe
Size

6.6MB
MD5

3a8d48a6e2aeac3f508431e1cb1c8567
SHA1

e7669cebf70254fc9988c2a273485282469ec678
SHA256

c9962413ff267b7552b4a71be9b21e25c2623769597e2a0660ec4549ba2d3a58
SHA512

79a392528f789dd2b1713d031dc265d8a4da39ccfa9d8921683478b1c8c5628799ff9ed769ddcea111cb6fd39dc6c8751f1ccf3fbf376be95cb7c04f25b6c7a0
SSDEEP

196608:ILMDoh84d03tpvThhPXH/bC89ZA1zHbX8p:Q03bvThhPFQzu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
med_tanque.exe

Files

med_tanque.exe
.exe windows x86

76742f38f93f518fe7d6945d801563dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetFocus
MessageBoxA

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
calloc
__p__fmode
__set_app_type
_except_handler3
_controlfp
realloc
strrchr
_putenv
sprintf
malloc
_snprintf
free
__p___argv
__p___argc
strncpy
__p__commode

python22

Py_InitModule4
PyRun_SimpleString
Py_GetPath
Py_Initialize
Py_SetProgramName
Py_OptimizeFlag
Py_VerboseFlag
Py_NoSiteFlag
Py_SetPythonHome
Py_Finalize
PySys_SetArgv
PyErr_Print
PyArg_ParseTuple
PyImport_Import
PyString_FromStringAndSize
PyModule_GetDict
PyObject_CallFunction
PyImport_ExecCodeModule
PyDict_New
PyInt_FromLong
PyDict_SetItem
PyDict_GetItemString
PyExc_KeyError
PyErr_SetString
PyInt_AsLong
PyString_FromString

kernel32

LocalFree
FormatMessageA
GetLastError
GetModuleFileNameA
MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
UnmapViewOfFile
GetModuleHandleA
GetStartupInfoA
lstrlenA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76742f38f93f518fe7d6945d801563dc

Headers

File Characteristics

Imports

user32

msvcrt

python22

kernel32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB