47894bb24d02f488b07a75476208ae1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47894bb24d02f488b07a75476208ae1a
Size

2.9MB
MD5

47894bb24d02f488b07a75476208ae1a
SHA1

ba4d538ce4d5a0d17a4669668d42ed7210a9a5ab
SHA256

16c00c45610a3c043096a2e7d868088e8199b386a63cf905c1c79e412735301f
SHA512

1ed4d10da71e7e29790bbf430bd56fffe50c094bb31ba73501e94c262a3835d66ae756195e6760cddcbb27a8317b3095d0f164fda4618905782a3974c98b5d32
SSDEEP

49152:dU4H42zk1bOxn6w5mFhdS6JVGUcaMIEfdul1TAkkqLk6/a7yp3uReWh:d21buAtS6vllIlulpAkkn6/LWh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47894bb24d02f488b07a75476208ae1a

Files

47894bb24d02f488b07a75476208ae1a
.exe windows:5 windows x86 arch:x86

8c8d6220f7d320f9e811414b09f9bfdb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
GetVersionExW
GetThreadTimes
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ