467c5c61ee007f7945b8b164148f4976 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

467c5c61ee007f7945b8b164148f4976
Size

8KB
MD5

467c5c61ee007f7945b8b164148f4976
SHA1

bddabb813bc0605dd42a2273f89d2d78d904b932
SHA256

e678dac4f0a2af80924f115e600d0c089e54be0db134262d75bb9b67368a6d88
SHA512

156697f6866731ab79813905a25cac0dcc7bf77ea97cb5c536c2ce7967f9d62eb13ad67c7ebcef20c065506d5053d3f3b3c631f79324efcd63ecb8b0d6bfd182
SSDEEP

48:KIq8/D16jYJXOMbHzcrQpBZtBrVJ+pYEH:7/IYXOMr4rQLP0YEH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
467c5c61ee007f7945b8b164148f4976

Files

467c5c61ee007f7945b8b164148f4976
.exe windows:4 windows x86 arch:x86

6014a1f799c7445b9b134a004d9496f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
GetStartupInfoA
PeekNamedPipe
ReadFile
GetCommandLineA
lstrcmpA
lstrlenA
ExitProcess
CreateProcessA
CloseHandle
CreatePipe
WriteFile

user32

wsprintfA

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA

wsock32

WSACleanup
WSAStartup
accept
bind
closesocket
htons
listen
recv
send
socket

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE