Static task: static1
Behavioral task: behavioral1 (Sample: akari.exe, Resource: win7-20230621-en)
Behavioral task: behavioral2 (Sample: akari.exe, Resource: win10v2004-20230621-en)
General
Target: akari.exe
Size: 2.8MB
MD5: 464a26c583a979f151da3077862edc01
SHA1: d88fa2778dd02482f0b8c68aacf599bf82ab4bce
SHA256: 11956060dfc9b67f2028a829cc8b4a1e478b34f2a4c84be849b7ef5f816ad07a
SHA512: a8d6769156d35a061df17f55d9c387fdd17209f63950ceb46de660e755ba40b686a877c05860901163cfb1b733cdd9e413bf1913b8c0674830acc17cc2bdbb87
SSDEEP: 6144:uhlpg/kqmMTEIA87zJicu7iSmTo/Y22jfhk91ycXncd1+8k6iOL0LJ+hlDp3l36P:uhlKkq/Ek8eFkQiDxc7p/0UhlWNnk
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: akari.exe
Files
-
akari.exe.exe windows x86
ddc5150f581962a9c62351379a6e0277
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
ord582
ord583
ord587
ord588
ord589
MethCallEngine
ord516
ord517
ord660
ord553
ord556
ord558
ord667
ord592
ord593
ord594
ord595
ord709
ord631
ord632
EVENT_SINK_AddRef
ord529
ord562
DllFunctionCall
ord563
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord606
ord607
ord608
ord716
ord717
ProcCallEngine
ord537
ord644
ord538
ord645
ord539
ord646
ord648
ord572
ord573
ord681
ord685
ord578
ord100
ord616
ord617
ord618
ord619
ord542
ord543
ord544
ord545
ord546
ord547
ord580
ord581
Sections
.text Size: 2.8MB - Virtual size: 2.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ