11fbe0d6ff2e3831f886d4021c4da53b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

11fbe0d6ff2e3831f886d4021c4da53b
Size

137KB
MD5

11fbe0d6ff2e3831f886d4021c4da53b
SHA1

c4dc64c09a77bad543d1628602ec981980eeb3a2
SHA256

c1ad79ed1fcc74d82834273529198735469d1224fc29820a31780284f5b7aa86
SHA512

ab15ab32bc081a52e2e6ad9e6749ca61c357c60c252911c845a1845290eee88c8c3f91db1201d78468abdfd2b9b1c6a547663f2dd69e98d8ae4d43e5e0829b77
SSDEEP

3072:mwut13/hYunnpr3LAMXE50cgu+bNZkEk6+/9/o5mtJGBpdQ:mwuzhtnnpr8MU2cgrp189fOL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11fbe0d6ff2e3831f886d4021c4da53b

Files

11fbe0d6ff2e3831f886d4021c4da53b
.exe windows:4 windows x86 arch:x86

b511aea3a186c1213c601d569b277c1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FindNextUrlCacheContainerW
FtpGetFileA
FtpGetFileSize
FtpOpenFileA
FtpRemoveDirectoryW
FtpRenameFileW

advapi32

GetSecurityInfo
GetServiceKeyNameA
GetTokenInformation
ImpersonateSelf
IsTokenRestricted
IsValidAcl

shell32

SHFreeNameMappings
ExtractAssociatedIconExA
SHChangeNotify
SheGetCurDrive

gdi32

GdiGetPageCount
GdiResetDCEMF
GdiStartDocEMF
GetDCOrgEx

Sections

.text
Size: 63KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE