41dfa966f519e5d97b6f3054420dda2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41dfa966f519e5d97b6f3054420dda2f
Size

437KB
MD5

41dfa966f519e5d97b6f3054420dda2f
SHA1

ede4f8b1a825c08fc37d324d8f561a72328316ba
SHA256

783cfd206e8cb01dd608cfc1a50628ded5abe89ba0cfe8299c4da5fb7441b45c
SHA512

5b271c1fa387bb69fbcfa302e052f98c14d4fce3158f5648e901a74f06634a632f9c98251acec7dd749a4534f58d0c10fe2a25ddf89de2fccd739830d5ebbb93
SSDEEP

12288:x6LHgTq3IVZbk8mVYSA8NZD9uILoXo7IGS19cgOTHX2cB:xy+UcZb5SAByoXRQGcB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41dfa966f519e5d97b6f3054420dda2f

Files

41dfa966f519e5d97b6f3054420dda2f
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 429KB - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 640B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ