6afab791355040e742211a8f9cb329ab | Triage

Sharing

General

Target

6afab791355040e742211a8f9cb329ab
Size

159KB
MD5

6afab791355040e742211a8f9cb329ab
SHA1

05481f445065fde03e44754de479500256682249
SHA256

dde7c7a576049491c3fa0922c5bca4c1f3050ece324635bc535cc6293175f764
SHA512

c5abfe252f8d8dcbbc3b5b73b452c3df4a4dee10c6356c9633148f457889856100565b62a64a489e6a4b7025ea2d95ff215f2e70dc53485c90f176818d4d7a62
SSDEEP

3072:EDQoLeoSbVB5OFgZ2ohESNjOqBxPqxEIgOinYpF9Xs7OzbrRp3/+lq:kupB/Sxq7XOiYv9Xs7OTv/+l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6afab791355040e742211a8f9cb329ab

Files

6afab791355040e742211a8f9cb329ab
.exe windows:4 windows x86 arch:x86

4bf76bf373f0d8f9d1d862d675c80447

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProfileStringA
GlobalUnlock
IsBadCodePtr
VirtualAlloc
SetConsolePalette
lstrcat
GetOEMCP
GlobalFree
DeleteAtom
GlobalAddAtomA
GetLastError
LoadLibraryExA
SetCommBreak
CloseHandle
HeapCreate
EnterCriticalSection
GlobalAddAtomA
RaiseException
GetStdHandle
LoadResource
LocalFree

user32

IsIconic
GetWindowTextLengthA
EndPaint
GetFocus
GetForegroundWindow
GetClassNameA
GetWindowTextA
GetDC
GetWindow
CloseWindow
GetClassInfoExA
ShowWindow
AlignRects
GetActiveWindow
BeginPaint
ReleaseDC
ValidateRect
DrawEdge
GetParent

wsock32

WSAAsyncGetServByPort
WSAStartup
WSAGetLastError
WSASetBlockingHook
WSACleanup

linkinfo

CreateLinkInfoA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ