ff0467d9f26f7dafa7b776d04efc5ceb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff0467d9f26f7dafa7b776d04efc5ceb
Size

749KB
MD5

ff0467d9f26f7dafa7b776d04efc5ceb
SHA1

61d5716a521e85030388e836559884808169a8ed
SHA256

8f5c3481f848366bcbc62b704193a88f11096e9d0600372853a3bf4ee92fe54d
SHA512

70e415d09a1956b1de7bbb2d1335ad7a609b4345414ae644a1c55ef767a17c39a6c8fbb55fc0b43eb7f0d3f9e192117a64fd7dda4b33ac2d5adaeae4756c2f90
SSDEEP

12288:iA1Cwy0FS44RQ3PJR/3LUXP2UUZkhwpNPliDI7aFf7aEGrtXWHxkks//w6e:iXJrSR/7sUZkENis+x38mxnsXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff0467d9f26f7dafa7b776d04efc5ceb

Files

ff0467d9f26f7dafa7b776d04efc5ceb
.exe windows:4 windows x86 arch:x86

d0b0f256801bc49af0ca90a3035235c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
ResetEvent
CreateFileMappingW
WriteFile
DeleteFileA
GetFileType
GetLastError
CreateDirectoryW
CreateMailslotW
ReleaseMutex
VirtualProtectEx
Sleep
SetStdHandle
WriteConsoleW
RemoveDirectoryA
HeapFree
GetModuleHandleA
GetCommandLineA
CreateEventW
SetEvent
FindClose
RemoveDirectoryA
OpenEventA
SetLocalTime
lstrlenA

ntshrui

DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow
DllCanUnloadNow

cmcfg32

CMConfig
CMConfig
CMConfig
CMConfig

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 741KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ