04a7657d0a3ca9f7db1250a3e4f10c57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04a7657d0a3ca9f7db1250a3e4f10c57
Size

73KB
MD5

04a7657d0a3ca9f7db1250a3e4f10c57
SHA1

98f896d2e28f5bbd70fc39af08c66323e817a498
SHA256

d485a8f99889847eca32d607c7e18523661e47b6b5a97b571cea96bec5324064
SHA512

4d3a4981674c0a527c727b7a6140d036168cccd5a65d6bea6b5fc90f77cfb62b43f9e42b1bd7152680a82aec96a0b2fdc42bef729f20e9a83b2b50fe1f679215
SSDEEP

1536:vUmB2v0zxhWE9TE94kr2PmHYS/tMfORSTlGgN/tvh:F7zFm4SiOAk2/tvh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a7657d0a3ca9f7db1250a3e4f10c57

Files

04a7657d0a3ca9f7db1250a3e4f10c57
.exe windows:5 windows x86 arch:x86

39e25ababdf00ab0ecf65baff7e023c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
lstrcmpiA
IsBadReadPtr
GetProcAddress
VirtualProtect
LoadLibraryA
VirtualAlloc
CreateThread
GetModuleHandleA

user32

SendMessageA
KillTimer
DefWindowProcA
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Exports

Exports

fgdfgdfg
gtbfdb
start

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ