time
Static task
static1
Behavioral task
behavioral1
Sample
1fd045a14aaa75b828b619e6953de2a3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1fd045a14aaa75b828b619e6953de2a3.exe
Resource
win10v2004-20231215-en
General
-
Target
1fd045a14aaa75b828b619e6953de2a3
-
Size
16KB
-
MD5
1fd045a14aaa75b828b619e6953de2a3
-
SHA1
e653f41bb2c9be5fab9358074dce542854731c6f
-
SHA256
0a9374ccb48e914a2fe01c5c9997755b243e81720e3b09e278037b3773f07d2d
-
SHA512
2d6155ee35ee01ab793c82fb6140037cdd5c98a4805a34c025d2cd466aa8525467bd6cdb029c2d69424d07cd8920b37639134ee27b9fd70be209b56349ac6294
-
SSDEEP
384:b2/5Xyef6Tme6zyIhOzFRzhtipN81AjGoBuPW0hMw:y/59fPeoyIhOJZ2InMw
Malware Config
Signatures
-
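Unsigned PE (1 IoC)
Flags PE files that lack an Authenticode signature; it matched the resource below. A missing signature is a weak indicator on its own, since many legitimate executables are also unsigned, so weigh it together with the import table and the behavioral task results.
resource 1fd045a14aaa75b828b619e6953de2a3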
Files
-
1fd045a14aaa75b828b619e6953de2a3.exe windows:4 windows x86 arch:x86
4b0be4ef924b41d5e9cfee658d466c5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
listen
accept
inet_addr
bind
WSAStartup
gethostbyname
socket
setsockopt
htons
inet_ntoa
connect
WSAGetLastError
closesocket
select
__WSAFDIsSet
send
recv
shutdown
kernel32
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
CreateThread
GetCommandLineA
CreateMutexA
GetLastError
GetCurrentThreadId
Sleep
GetTickCount
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
msvcrt
_snprintf
rand
realloc
atoi
strchr
strstr
_time64
_fullpath
free
sscanf
strncpy
srand
strtok
malloc
strrchr
sprintf
exit
_open
gmtime
strncmp
isdigit
_strrev
Exports
(none listed)
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE