51c6e92307f3f2db0c5f9ce7d8463fed | Triage

Sharing

Copy URL Twitter E-mail

General

Target

51c6e92307f3f2db0c5f9ce7d8463fed
Size

5KB
MD5

51c6e92307f3f2db0c5f9ce7d8463fed
SHA1

8e4a2f9a940ff75111b7007fe273a8688fb7c408
SHA256

cdc322d8259496a9653c9e215bdad5c58e88fc174174cfc8c147ba19ca0b0b4f
SHA512

a1ea1da58167d8520550ebae93f9c919a93b53a2723d17da5fb99ec56bbbab2e2610e12fb7ceafff2acf731aedca55c6cec6f881f7e21a7c3e4d0e88fcbd9f3a
SSDEEP

48:SY9ZHnTWBGZaSAx3Z+B8O1Dz88rM+kg4MI8/dpPIV/NVT7xGM3inLHmqan0AxdV:nZHIw23AKaE8r1TPkVV/xVynLHTaRd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
51c6e92307f3f2db0c5f9ce7d8463fed

Files

51c6e92307f3f2db0c5f9ce7d8463fed
.exe windows:4 windows x86 arch:x86

d4473f6036ad9f31a9646cdb5ff28be1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
WriteProcessMemory
lstrcatA
GetTempPathA
lstrcpyA
GetProcAddress
GetModuleHandleA
OpenProcess
TerminateProcess
CreateProcessA
GetShortPathNameA
GetStartupInfoA
CopyFileA
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
SetErrorMode
lstrlenA
GetLongPathNameA
GetTempFileNameA
CreateFileA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

FindExecutableA

msvcrt

sprintf
memset

Sections

Anskya
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdsf32
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ