423ed881dddc2f155ba3b73c2f974fc4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

423ed881dddc2f155ba3b73c2f974fc4
Size

7KB
MD5

423ed881dddc2f155ba3b73c2f974fc4
SHA1

383515ff008b4cc5ef1c4a779520c902a86f3808
SHA256

5c859aac2340189018924b2a58e854ef2120af98648d60e9a00f3d7b6351a9ce
SHA512

98d51f03eff1368aeb93ce9c357915bef692b0f1c308840f151a3f151f31399a89e56cbf0262e12a208f1167777fafd1bff3e8fa9d41031d47e3061ec9d1f423
SSDEEP

192:W8xW0ZdAL/ttLDBXOg6EVhfTXmU86iiePYKkH4+EXQMFixGvNm:W8Y0ZOL/tZDlOYVhL2Ufi3y+X5ii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
423ed881dddc2f155ba3b73c2f974fc4

Files

423ed881dddc2f155ba3b73c2f974fc4
.exe windows:1 windows x86 arch:x86

dd4f61b557f230acfd0cdad6ced24b82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnumChildWindows
FindWindowA
GetMessageA
KillTimer
PostQuitMessage
RegisterClassA
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA

wsock32

closesocket
send
recv
connect
ioctlsocket
htons
socket
inet_addr
gethostbyname
gethostname
WSACleanup
WSAStartup

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
ExitProcess
GetCommandLineA
GetComputerNameA
GetFileSize
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
ReadFile
SetFilePointer
WriteFile

Sections

AUTO
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE