358e72f6e0e2d1f1afb0fc53a47219cf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

358e72f6e0e2d1f1afb0fc53a47219cf
Size

49KB
MD5

358e72f6e0e2d1f1afb0fc53a47219cf
SHA1

0f33e16081e27dabc5f3584fa8dc585fe58a61ec
SHA256

47a3875381efa960b6edaf04948b135bc68a95dd1ad9fbf74150b6008d31c591
SHA512

bd0039b37c4aadea10d9de876debd94e7daea7504aa6805da7418088d479ad921b752c8e3bfa1e78e85973df8ab7d321853b6ce7038551a04bc02374a67dcc4a
SSDEEP

1536:5XPx6Iba1EqrJpXvhEIuxTnTOen1m333P+IBz4A8:5XPXbopXOIuNnCenKt4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
358e72f6e0e2d1f1afb0fc53a47219cf

Files

358e72f6e0e2d1f1afb0fc53a47219cf
.exe windows:5 windows x86 arch:x86

11d64afc6b8d312779024c6cad45e8cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetForegroundWindow

shlwapi

StrPBrkA

kernel32

IsValidCodePage

Exports

Exports

RoamingTraiI
?ImpactDS@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@I
?JoinLower@@YG_JU_HALIGNLEFT@@U_REMOTECONTROL_SYS@@@I

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.write
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.read
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ