Static task
static1
Behavioral task
behavioral1
Sample
e8f8a40f83c4869d110e2da678b38135.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
e8f8a40f83c4869d110e2da678b38135.exe
Resource
win10v2004-20231215-en
General
-
Target
e8f8a40f83c4869d110e2da678b38135
-
Size
23KB
-
MD5
e8f8a40f83c4869d110e2da678b38135
-
SHA1
51aeb31cabe55d41d0b6b9f0eb5312f84b855e87
-
SHA256
9fd6d1b921206ca07c89b49b6f8132220420dc3d3e0a789fc60f47640669fdc7
-
SHA512
d1cbd2da4b3fc66b140ba54851ca2a47bd7d273f99f338edfb74199569abb45cf81f68c2c75eef95d82b4d124a124ca7b70dbf350c290a14e5cc57407aecf6e7
-
SSDEEP
384:hw0mi++0azvxVj0UstXJuhg0RhY8XiJzF:DmC0aTjV/Tuh
Malware Config
Signatures
-
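Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The sample is unsigned, so its publisher and integrity cannot be verified from the file itself; this is a weak signal on its own, since many legitimate binaries are also unsigned.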
resource e8f8a40f83c4869d110e2da678b38135
Files
-
e8f8a40f83c4869d110e2da678b38135.exe windows:4 windows x86 arch:x86
14cc8a1596bbbb6d54e348306157ece3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
cygwin1
__errno
__getreent
__main
_fcntl64
abort
atoi
bzero
calloc
close
connect
cygwin_internal
dll_crt0__FP11per_process
exit
fprintf
free
gethostbyname
getopt
getsockopt
htons
malloc
memcpy
memmove
optarg
perror
printf
pthread_atfork
read
realloc
recv
select
send
setsockopt
sleep
snprintf
socket
strcat
strcpy
strlen
strncat
strstr
write
kernel32
AddAtomA
FindAtomA
GetAtomNameA
GetModuleHandleA
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 816B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 224B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE