2679dba36eec4a9fbbf7c86ff2ad35aa | Triage

Sharing

General

Target

2679dba36eec4a9fbbf7c86ff2ad35aa
Size

5KB
MD5

2679dba36eec4a9fbbf7c86ff2ad35aa
SHA1

838769d9b56eb3d67f9090b8d638989dc08c0e96
SHA256

f28d69d1337dbc308fce5f364da97289997c80527bc5099f2712e84ff7b16de4
SHA512

cb9412eb52f992210e6dff73204ea139a30118fa235269c541ff917888c31921579b341e0b3ceccf2803f69e4be09012d40d8bfb7d91f828f7e97bafdd897249
SSDEEP

96:eQ0KtyKQ9bCt8U02C535Ub7Ap+3Lm6aFaRqRHh8oTT8vP4tikvriEktd90y+8y+D:eQNtyKQ9bCGP5pNOVZRXoX80ifEwdm0D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2679dba36eec4a9fbbf7c86ff2ad35aa

Files

2679dba36eec4a9fbbf7c86ff2ad35aa
.exe windows:4 windows x86 arch:x86

b7c7a108d8ef886e6cc4572bcb48f101

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
CreateProcessA
Sleep
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
LoadLibraryA
GetTempFileNameA
GetTempPathA
MoveFileExA
GetModuleFileNameA
GetCurrentProcessId
GetProcAddress
GetVersion
TerminateThread
CreateThread

ws2_32

ioctlsocket
WSAGetLastError
closesocket
connect
select
WSAStartup
socket
gethostbyname
htons
send
recv

wininet

HttpSendRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA

iphlpapi

GetAdaptersInfo

msvcrt

_strdup
sprintf
_itoa
free
_snprintf
strtok
strncmp
malloc

Sections

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 319B - Virtual size: 325B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE