04400ddfc4341e908dff21a10522bd65 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04400ddfc4341e908dff21a10522bd65
Size

2.8MB
MD5

04400ddfc4341e908dff21a10522bd65
SHA1

83968968e0c4e1e4a47c908614b7806e2cfc8590
SHA256

4ccc536b98aaa9cb02c41b916f6807e190b2a367bbedc717f07d5fcab6c44895
SHA512

94ca5cf40582876c8dee4498831459df1f707b7ab9e15821e08d8fb48223073c7ce52b886b070171ca09a28e82eade9e7b5d37f65cb2c4395a8608a8587e2549
SSDEEP

49152:wIdF74VmhJHPQFlnq0ZK12K+Pbnh73OhACet39zuJQ+/V2tOs2Spmx8wG6Z1QOxV:NjLHPSnq0ZK12PPbnpOACet3hz+/V4v2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/phone-a.exe

Files

04400ddfc4341e908dff21a10522bd65
.zip
ReadMe.txt
conf.cfg
db.dat
history.dat
phone-a.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 819KB - Virtual size: 818KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 5KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ