1de6a8896cf2c6fda423a5763b428174 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1de6a8896cf2c6fda423a5763b428174
Size

40KB
MD5

1de6a8896cf2c6fda423a5763b428174
SHA1

fe82cc0be5b34962d750a907838624366de97916
SHA256

0cc6e561cc5815df854e0aa074d1f571a33247e003ee0eb375f20a7a42785b96
SHA512

59243981b29125234c7d1ad3693ab6728a570f212bf0531f18cdaad20be9d0aaf49ebe33fd8cb67cd9f4e5280105cf1a7501de55a3eaa7f89b9207dcf87e8514
SSDEEP

768:Y+JuhSBcr6uzhMwF0A8fBTKWyFKeNjL10Xxq5WxA7VPYzcscXJ:Y+JWN2uaweA852VF11BQxqAMVPYIsiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1de6a8896cf2c6fda423a5763b428174

Files

1de6a8896cf2c6fda423a5763b428174
.exe windows:5 windows x86 arch:x86

2a7e2418be8a09fc671a0ee84b34f19e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
lstrcmpiA
VirtualProtect
IsBadReadPtr
GetProcAddress
LoadLibraryA
CreateThread
GetModuleHandleA

user32

MessageBoxA
DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ