770c542e1e034d8352055f8fc95123ca | Triage

Sharing

General

Target

770c542e1e034d8352055f8fc95123ca
Size

14KB
MD5

770c542e1e034d8352055f8fc95123ca
SHA1

c09430a3021681daafa1e935c0ea25aae8ad8006
SHA256

77f5fc744873b858297b8cd53c2261f113bb1ebe7d1e2f56d01f1001964d5fb3
SHA512

eb9779066917377fabc58b022db52e93a1746bd8d7977dc0870db2f3d627ca19f01185687e3aa50b0a03f71326ccd726a47279cb81db08e4c88dc5f5623b0de5
SSDEEP

384:WFKstmGYtctP3TI84YX5nkdWJyyGSmK8wg7Q1XJ8:xUVuYfJyd5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
770c542e1e034d8352055f8fc95123ca

Files

770c542e1e034d8352055f8fc95123ca
.exe windows:1 windows x86 arch:x86

c8f30ef6261b2f47f92babb1f362ab56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnumChildWindows
FindWindowA
GetMessageA
KillTimer
PostQuitMessage
RegisterClassA
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA

wsock32

closesocket
send
recv
connect
ioctlsocket
htons
socket
inet_addr
gethostbyname
gethostname
WSACleanup
WSAStartup

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
ExitProcess
FreeLibrary
GetCommandLineA
GetComputerNameA
GetFileSize
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
SetFilePointer
WriteFile

Sections

AUTO
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE