44791c7bda9dee84cfb22255d8a352c2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44791c7bda9dee84cfb22255d8a352c2
Size

137KB
MD5

44791c7bda9dee84cfb22255d8a352c2
SHA1

97529f9085616548e5738fa2b174a44c063d4647
SHA256

6818f5902317a8b06a1f5cf480f6ee35e248398de9429d758a730b6da7a944ea
SHA512

ee6b164d21d8b3ad39757aac18cf91ed30df37ea35e6428da7315015eb4dcd683478d53d524e24ce3f896be3d98d43e6875bf2c97b01dc882f38ddb2c065090e
SSDEEP

3072:pVzjzrYQkED9OyNCevuxSPKimPWKu9uDvLj+e/n/e1:pVzjsEJOyNPuxermPW1uDvn+e//e1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44791c7bda9dee84cfb22255d8a352c2

Files

44791c7bda9dee84cfb22255d8a352c2
.exe windows:0 windows x86 arch:x86

4bda570ce112adc211f3bd7fa6b82f33

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetModuleHandleA
GetProcAddress
VirtualProtect

msvcrt

malloc

user32

MessageBoxA

Sections

.text
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QW0
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QW1
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QW2
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xiaohui
Size: 6B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ