13f41d4d7f7088fabdc4213a8bd67ef5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13f41d4d7f7088fabdc4213a8bd67ef5
Size

40KB
MD5

13f41d4d7f7088fabdc4213a8bd67ef5
SHA1

d47c7790f79af90e72dc1cc597a404d7297216d5
SHA256

59cbce1989d228bcb2276aaa0c34a23a060c87e169258d9b60c7374cec8f2013
SHA512

132ed64de4c0c1dc3212e60ab0edbb0622496eeabe0fce29b2b3162dbb1cc9d00c7e1d7526823327315ce558649d627dd4d8c711f5c24e4a1d0fa37831c91ce8
SSDEEP

768:jXc0RLjK1Kjj7bYqetSDupnzE8IA4pBhPjvho/QbH9SsWt:jLNK23aeSzLF4JZo29SsW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13f41d4d7f7088fabdc4213a8bd67ef5

Files

13f41d4d7f7088fabdc4213a8bd67ef5
.exe windows:4 windows x86 arch:x86

4afc596746771b584bb9b5b306c613a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
WriteFile
CreateFileA
DeleteFileA
LockResource
LoadResource
SizeofResource
FindResourceA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetShortPathNameA
ExitProcess
Sleep
CreateEventA
OpenEventA
WriteProcessMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTickCount
VirtualAllocEx
VirtualFreeEx
LoadLibraryA
FreeLibrary
OpenProcess
GetCurrentProcess
GetModuleHandleA
GlobalAlloc
GlobalLock
ReadProcessMemory
GetProcAddress
GlobalUnlock
GlobalFree
CreateRemoteThread
GetWindowsDirectoryA
CloseHandle

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

srand
strlen
_stricmp
rand
strcpy
strcat

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ