1168b1893f897bfba3fa5afe2d9d3684 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1168b1893f897bfba3fa5afe2d9d3684
Size

4KB
MD5

1168b1893f897bfba3fa5afe2d9d3684
SHA1

04c7a924c803fc15c3d11ac0317a29f813e10c86
SHA256

c15db480cd37d3f529a14d1aa1bcc79986661cc82365b542c7011de319f6047b
SHA512

2046d9d24c6a0c67866ccac3c8aa8dd73d15518bf92c5c1abe063263063e8ef7cc29c532c4ed80bfa31e43caf29c8332bd8fc13828f7e5ceec6db70ba6b50bca
SSDEEP

96:SZw3f2LNxV0oaQ6GDpoC1w9MW8o2smga3fg02KSD6GeZlnfmUgMPI:Xv2LHVGaVV16dKvg02KG8+aPI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1168b1893f897bfba3fa5afe2d9d3684

Files

1168b1893f897bfba3fa5afe2d9d3684
.exe windows:4 windows x86 arch:x86

e47a8b1e835c294e3272eb3832740b3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
lstrcpynA
lstrcmpA
HeapAlloc
CreateThread
GetProcessHeap
GetCommandLineW

shell32

CommandLineToArgvW

ws2_32

recv
closesocket
connect
inet_addr
socket
__WSAFDIsSet
select
send
shutdown
accept
listen
sendto
recvfrom
getsockname
bind
WSAStartup
gethostbyname
htons

shlwapi

StrToIntW

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE