Static task: static1
Behavioral task: behavioral1
  Sample: 44e41b976a46b8b468bb35ca44743333.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 44e41b976a46b8b468bb35ca44743333.exe
  Resource: win10v2004-20231222-en
General
  Target: 44e41b976a46b8b468bb35ca44743333
  Size: 5KB
  MD5: 44e41b976a46b8b468bb35ca44743333
  SHA1: 092a70b0c286e87b049497a2cc2e1ce8d13b593d
  SHA256: b964803d57dede954a2fe1604b5ef754fb643e86c91fde0548fe1062729bd615
  SHA512: 6fa02d05b203c213db12d1af1da7d81e645678967d5abbde1a77e3a6f64f64a29a82b340792ed104cc238bbac84c75aa269e84a173b672768a014f015271c331
  SSDEEP: 96:CwjUE0LV+4crXx1vqzZuoL8KhRXixetIBJctP:CwV0oR1CVIKbi7BJctP
Malware Config
Signatures
  Unsigned PE (1 IoCs)
    Checks for missing Authenticode signature.
    resource: 44e41b976a46b8b468bb35ca44743333
Files
44e41b976a46b8b468bb35ca44743333.exe windows:1 windows x86 arch:x86
a88735367da2b295c697c9c76c7d58be
Headers
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  wsock32
    WSAStartup
    connect
    gethostbyname
    htons
    recv
    send
    socket
  kernel32
    GetCommandLineA
    GetModuleHandleA
    CloseHandle
    GetSystemDirectoryA
    CreateFileA
    RtlUnwind
    SetFilePointer
    WinExec
    WriteFile
    CreateThread
    DeleteFileA
  crtdll
    __GetMainArgs
    _sleep
    atoi
    exit
    raise
    rand
    signal
    sprintf
    strchr
Sections
  .text Size: 2KB - Virtual size: 2KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .bss Size: - Virtual size: 5KB
    IMAGE_SCN_CNT_UNINITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .data Size: 328B - Virtual size: 328B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .idata Size: 932B - Virtual size: 932B
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE