649b97ed4fd4babdeb8a1f566d2fdb00 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

649b97ed4fd4babdeb8a1f566d2fdb00
Size

175KB
MD5

649b97ed4fd4babdeb8a1f566d2fdb00
SHA1

b55b5d5e723b7b7676235a7976dc628321988b8f
SHA256

e9816ccd72286a8f1457ea46414aa4c893d181fb8d60909e46fb48f5618a80b2
SHA512

33841c8112fc1f2a8763067abb29a490e6cb600bd4982323743be79513e6d096fbb993a44de2a359ae2c0111db08342f0cc704bc1eea0067dbb15647377556ae
SSDEEP

3072:yD99u0cf5WiLDuyQJgylaEAPYtsNQkl9jAwhbX7gs6YQWFNMliMMr3da4/rE5h:au0cxWiaiE4NQIvhP+iH3t4v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649b97ed4fd4babdeb8a1f566d2fdb00

Files

649b97ed4fd4babdeb8a1f566d2fdb00
.exe windows:4 windows x86 arch:x86

c7c98ce95ea1ed2ada5e617d00e6ec10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetStdHandle
LoadLibraryExA
IsBadCodePtr
WriteProfileStringA
LoadResource
RaiseException
SetCommBreak
GetLastError
GlobalAddAtomA
EnterCriticalSection
DeleteAtom
SetConsolePalette
GlobalAddAtomA
VirtualAlloc
GlobalFree
HeapCreate
CloseHandle
lstrcat
GetOEMCP
GlobalUnlock

user32

BeginPaint
EndPaint
GetWindowTextLengthA
CloseWindow
ShowWindow
GetParent
ValidateRect
GetForegroundWindow
IsIconic
GetDC
GetWindow
DrawEdge
GetWindowTextA
ReleaseDC
GetActiveWindow
GetFocus
AlignRects
GetClassNameA
GetClassInfoExA

wsock32

WSAGetLastError
WSAAsyncGetServByPort
WSAStartup
WSASetBlockingHook
WSACleanup

linkinfo

CreateLinkInfoA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ