5329a50cc358323cd327803cf53d0bb5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5329a50cc358323cd327803cf53d0bb5
Size

35KB
MD5

5329a50cc358323cd327803cf53d0bb5
SHA1

e39df72a0cc4c4c6b376c456995cea54365a9344
SHA256

c89f1f2b2213768b6cd3cc101a40f5ab31930f7730122902b092ecd7bf3fd07d
SHA512

24471262b622257e460597d27ea59df04d504c93dff8b1e555fb6f1498b8db1897694c0caca165388b327d84f3dd60ce4ec2d6220a258f939d7d5007ce90f82f
SSDEEP

384:iLu23/Tzl07FmV56O7T46Urtw0HFza1ZB/Chu1xLs+C3IYOKYOFzWPTcKrZ9RFq3:ijrZ07Fm346AdqJkSe9nsrZxqIfgMFm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5329a50cc358323cd327803cf53d0bb5

Files

5329a50cc358323cd327803cf53d0bb5
.exe windows:4 windows x86 arch:x86

3183b6b50066deeb53760909d3e9930c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cygwin1

__errno
__main
_fopen64
_impure_ptr
accept
atoi
atol
bcopy
bind
calloc
close
connect
cygwin_internal
dll_crt0__FP11per_process
exit
fclose
fgets
fork
fputc
free
gethostbyname
getpid
getppid
htons
inet_addr
inet_network
ioctl
kill
listen
malloc
memcpy
memset
ntohl
pclose
popen
rand
realloc
recv
select
sendto
setsockopt
sleep
socket
sprintf
srand
strcasecmp
strcat
strcpy
strdup
strlen
strncmp
strncpy
strtok
time
toupper
vsprintf
waitpid
write

kernel32

GetModuleHandleA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE