1d33e957e5240fbebe54fd878cd0d81f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d33e957e5240fbebe54fd878cd0d81f
Size

16KB
MD5

1d33e957e5240fbebe54fd878cd0d81f
SHA1

d12fe6c8f920f627e7b7a92b953bd011558eda67
SHA256

774c4464d324f5067d8c915824e09a8be62587e0955850ceb9032f389fc603d1
SHA512

a52df1bf44e75aa93eaa8d22268ce887527329b7d6014f2c02fe4fb5484ef94f8fbe2aea16dd4a573ca6ee4e84b9d2b44751b66539c9d0644df332beb0062ef9
SSDEEP

192:eWuMsxGMHbsqdFT7u07RB8ov2P4oyFl9J4ZT4x:u3n2jo44Z9Jvx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d33e957e5240fbebe54fd878cd0d81f

Files

1d33e957e5240fbebe54fd878cd0d81f
.exe windows:4 windows x86 arch:x86

b1a9db34ea59f58a0ba631d215817b76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
GetLastError
Sleep
GetTickCount
CreateMutexA
CloseHandle
OpenMutexA

ws2_32

gethostname
gethostbyname
inet_ntoa
WSAStartup

mpr

WNetAddConnection2A

rpcrt4

RpcRaiseException
NdrConformantStringBufferSize
NdrPointerMarshall
NdrConformantStringMarshall
NdrConvert
NdrConformantArrayUnmarshall
NdrClientInitializeNew
NdrNsGetBuffer
NdrNsSendReceive
NdrFreeBuffer
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA
RpcBindingFree
NdrPointerBufferSize

msvcrt

__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
free
malloc
strrchr
strncmp
time
srand
printf
sprintf
_except_handler3
rand

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE