b80114aa3fac991e704d0bf8d2b9d54e5eb72131a5193487ba46e4a66e2802f9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b80114aa3fac991e704d0bf8d2b9d54e5eb72131a5193487ba46e4a66e2802f9
Size

63KB
MD5

0e53ef12e7229e8c7ed51cd9bf576d98
SHA1

7de623e1e3a534986dddc4e064bb0fc59cbbf40e
SHA256

b80114aa3fac991e704d0bf8d2b9d54e5eb72131a5193487ba46e4a66e2802f9
SHA512

c21ad4f41d7f31061b3e89b9d209313fd0fb1a30a1c8ebdf9d69cd94febae7731a79696cddc5f571ffabc9d2fbac60fbb1dd2740e97b3a1dee520db544d7f40c
SSDEEP

768:yrupAckp0y+EyWpLkytTfJm1CCL7BxHSpOCUK7pzqL:yrupAckp+ytw1C+3ypOCUuA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b80114aa3fac991e704d0bf8d2b9d54e5eb72131a5193487ba46e4a66e2802f9

Files

b80114aa3fac991e704d0bf8d2b9d54e5eb72131a5193487ba46e4a66e2802f9
.exe windows:4 windows x86

bed7a6245afc614874300c30eb8da7b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
LocalFree
OpenProcess
GetCurrentProcessId
GetCurrentProcess
VirtualQueryEx
ReadProcessMemory
CloseHandle
WriteProcessMemory
VirtualAllocEx
WaitForSingleObject
GetProcessHeap
ExitProcess
LocalAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
ReadFile
GetFileSize
CreateFileA
WriteFile
FreeLibrary
LoadLibraryA
LCMapStringA
GetProcAddress
HeapAlloc
GetModuleHandleA

user32

wsprintfA
MessageBoxA

msvcrt

strchr
__CxxFrameHandler
strncmp
free
modf
memmove
qsort
sprintf
atoi
_ftol
_CIfmod
malloc
??3@YAXPAX@Z

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ