Static task
static1
Behavioral task
behavioral1
Sample
56b46193edecb791312d6f3a7f41baf3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
56b46193edecb791312d6f3a7f41baf3.exe
Resource
win10v2004-20231222-en
General
Target
56b46193edecb791312d6f3a7f41baf3
Size
132KB
MD5
56b46193edecb791312d6f3a7f41baf3
SHA1
4ea37e4ebc5ec57b5394909bba4d98a3dd074093
SHA256
6de43023ad673886a8b9b223614243cb15ffd0114cba2892c4c29b671410ed18
SHA512
f1f80ca01176d539c2528fdc757fac41aa7b26036301aded6e9dfd9ab0bb7d1a107d21e6ce485de45e6281561cd0c525e18aa839b507e0fe6e02ab02fa418dd7
SSDEEP
3072:Hfg/RlxYNnNWherO81Vj+Om6Wr+2Mq1+BVn:/tUerbrjxr2V1+BV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 56b46193edecb791312d6f3a7f41baf3
Files
56b46193edecb791312d6f3a7f41baf3.exe windows:4 windows x86 arch:x86
b3815cd1edbfc1854de7c0e030d505e9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
ResumeThread
VirtualAlloc
GetWindowsDirectoryA
Beep
FillConsoleOutputCharacterA
GetDiskFreeSpaceExA
DisconnectNamedPipe
MoveFileExA
ClearCommError
GlobalUnfix
ReadFile
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
RtlZeroHeap
vsprintf
NtLockFile
strstr
NtReplaceKey
Sections
.edata Size: 4KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Weijunli Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ