05a304e1cab41f6ff2ee2cb6491d2665 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05a304e1cab41f6ff2ee2cb6491d2665
Size

218KB
MD5

05a304e1cab41f6ff2ee2cb6491d2665
SHA1

45f6d45bfa464f0b385ae5b9c1bffd4faa3c6900
SHA256

7ec2c924936c12ee82b13f7a51ebd0ae24cbc646cf57393fa68feb3e6c0dcbe8
SHA512

f11cb7894aa52b5127828416fba99705a0a660bcea329dd6e6954b3a21ac92713d65a92b7e9f250d03b2111f26fdf6b0ad45b0baeec9610f2e0221f8d164f91f
SSDEEP

3072:OG15uh/eI/97llrTVlAQE+mk7DFFYnwXhGA6NKnHUc8rY/PkqrEb8I/KIdaHHG:jEvTVlAQ5mkvhGA/nHEYkP8o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05a304e1cab41f6ff2ee2cb6491d2665

Files

05a304e1cab41f6ff2ee2cb6491d2665
.exe windows:5 windows x86 arch:x86

0fee735fedbf84a6e643d8b2979dc9d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsCharAlphaNumericW

gdi32

LineDDA

kernel32

GetConsoleCP

Exports

Exports

RoamingTraiO
?ImpactDS@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@O
?JoinLower@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@O
?PowerUpgrade@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@O

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE