ea166f84f5b1659a3ee999fb020ecd9c065ff60cdcf1a94b2985133db5016cf0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea166f84f5b1659a3ee999fb020ecd9c065ff60cdcf1a94b2985133db5016cf0
Size

944KB
MD5

994d1e88fa8bffc6f8c77d6dda3176e1
SHA1

04032189c2b7e3c64a7dd2cecd95c5aaab47a56d
SHA256

ea166f84f5b1659a3ee999fb020ecd9c065ff60cdcf1a94b2985133db5016cf0
SHA512

d169b04bfef3c72ed598fc2953935e6b7257715def2f8e1cade49acfe3ce79622b4a8510619989ffdb2a065016d954352666b88f5e758fd41b57e28492f86011
SSDEEP

24576:OVwSaZDd8FxxZ+LGq3xOsjpArCvVv8/NDlpNp2MANYYO:OjsLG+wIG62/1jsO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea166f84f5b1659a3ee999fb020ecd9c065ff60cdcf1a94b2985133db5016cf0

Files

ea166f84f5b1659a3ee999fb020ecd9c065ff60cdcf1a94b2985133db5016cf0
.exe windows:4 windows x86

e52ba2832cdcff9f46b109077aa535db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5300

msvcrt

_exit

kernel32

CreateEventA

user32

IsIconic

ws2_32

WSAStartup

msvcp60

??0_Winit@std@@QAE@XZ

msvcirt

??_Dofstream@@QAEXXZ

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

advapi32

RegDeleteKeyA

shell32

SHGetFolderPathW

Sections

.text
Size: 8KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ