Static task
static1
Behavioral task
behavioral1
Sample
faa865eb65c5bef62efb6ec88fd97233.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
faa865eb65c5bef62efb6ec88fd97233.exe
Resource
win10v2004-20231215-en
General
Target
faa865eb65c5bef62efb6ec88fd97233
Size
553KB
MD5
faa865eb65c5bef62efb6ec88fd97233
SHA1
92f53f0ab32c2b687922ff259f60f4f8d12b61a5
SHA256
eb00e3fa6da6aeb1302bd22dcf061843aab5b1f02332aa3817b0661fd90a749a
SHA512
33a31df34a134c76a44e1c993f5fcdf490fc58b6810d61efabf45fa825702999814fd286a016f8296919985ba6798c3d12905c01da7c20e547bed9ee47981ebf
SSDEEP
12288:Bp9d2+9uM6+hPP0F1tovIqq91jTUHKr6j:ZdaP+hH0F1tGrqnjlr6j
Malware Config
Signatures
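Unsigned PE (1 IoC)
Static check by the sandbox: the PE file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.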
resource faa865eb65c5bef62efb6ec88fd97233
Files
faa865eb65c5bef62efb6ec88fd97233.exe windows:4 windows x86 arch:x86
c4feea5cfdc85a78a5529b666438eb20
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
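Imports
Analyst note: the kernel32 imports below include CreateProcessA, GetThreadContext, VirtualAllocEx, SetThreadContext and ResumeThread, a combination commonly seen in loaders that run code inside another process. GetModuleHandleA and GetProcAddress also allow further APIs to be resolved at run time, so the import table may not list everything the sample calls. The static listing alone does not confirm either behavior; check the process tree and memory events of the behavioral tasks.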
msvcrt
memset
strcmp
memmove
memcpy
strlen
kernel32
GetModuleHandleA
HeapCreate
GetProcAddress
GetCommandLineA
HeapDestroy
ExitProcess
CreateProcessA
GetThreadContext
VirtualAllocEx
SetThreadContext
ResumeThread
TerminateProcess
CloseHandle
InitializeCriticalSection
GetModuleFileNameA
HeapReAlloc
HeapAlloc
HeapFree
Sections
.code Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 5B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ