f7e78b45a50bbfbca8b0f29592bf4744 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7e78b45a50bbfbca8b0f29592bf4744
Size

5KB
MD5

f7e78b45a50bbfbca8b0f29592bf4744
SHA1

d4813e9ea1a2ac8f188ff6f0695a4caee6f50418
SHA256

dd46b9e850892ae3ee691a4635a209a2c8e99c9e7e7f0002ed73a9f05c5afc41
SHA512

497e298f13065df16e237741e0123cfec152b3eaa5ab529c2fcd183c243fb032e5f649d8a52d7a055c8ff2eacb97d375c15fb951142233b2f7965c54f8be018c
SSDEEP

48:S4rkZsHp/zLveGW1dRx7tjT8OiguBmvu1A8czltVQOzltV7PgwcG66SALfy:jrsgPGX1rzjIOA+uA8czXKOzXes6g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7e78b45a50bbfbca8b0f29592bf4744

Files

f7e78b45a50bbfbca8b0f29592bf4744
.exe windows:5 windows x86 arch:x86

ec9743e308b14639e836a015ba10ea98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessA
CreateThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent

ws2_32

recv
WSAStartup
bind
accept
send
WSASocketW
htons
listen
closesocket

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ