dbf6f7e48d89709e3fd42f0ed69a684d1d5ed8e673d9c4402d529a2f38c690c4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbf6f7e48d89709e3fd42f0ed69a684d1d5ed8e673d9c4402d529a2f38c690c4
Size

274KB
MD5

7b0805df85e7b2b160787a8353aae413
SHA1

db00e8177e492515924268d1d13dc791172f76a0
SHA256

dbf6f7e48d89709e3fd42f0ed69a684d1d5ed8e673d9c4402d529a2f38c690c4
SHA512

d0d3e8e9b9c50c7362c72a4c09dcf0a90434c35458e55ef4c996770a3fedbb7050eb74c1b6d1b2ab332b1bb25dab2d6c22d713c84b6dbf80b103f91a29dc955a
SSDEEP

3072:+h2ELv5EaB0txiHdHRi0pEyvEQPgOtQySr:+h2EL+aSr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbf6f7e48d89709e3fd42f0ed69a684d1d5ed8e673d9c4402d529a2f38c690c4

Files

dbf6f7e48d89709e3fd42f0ed69a684d1d5ed8e673d9c4402d529a2f38c690c4
.exe windows x86

1bcfb225414787387d085ae0fbb01771

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
CreateProcessA
lstrlenA
VirtualAllocEx
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CloseHandle
GetProcessHeap
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE