505b071b3eead7ded32a766c98efb6ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

505b071b3eead7ded32a766c98efb6ef
Size

205KB
MD5

505b071b3eead7ded32a766c98efb6ef
SHA1

1e5a232fcdae2d4c51615550042eace0b0dfda75
SHA256

f3417baa5f449e925c51a605b47680da3c88bce60949121e3c3eeeb90afe719f
SHA512

4887b6ee3b7d01637869e7ffb29c9a3700d76728877c86e1838fb6110c9a3dda1b7c3bfdadf534cfda2dae93c80d6f47a7a7eb1137bb173aefaa6869103f0c1d
SSDEEP

3072:X3X1Swo5+g5+ilTZwuJJoNUG7FPCNGYSF83KCrV67Ytc3sY:X3XDlgbw9KG7FPjYQ7Qu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
505b071b3eead7ded32a766c98efb6ef

Files

505b071b3eead7ded32a766c98efb6ef
.exe windows:4 windows x86 arch:x86

ca97087ed0a37adf6112db6203a6d890

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VerSetConditionMask
SetTapeParameters
SetFileShortNameW
CloseHandle
SetFilePointerEx
SetCommTimeouts
RtlZeroMemory
RtlUnwind
RtlMoveMemory
RtlFillMemory
RtlCaptureStackBackTrace
RtlCaptureContext
RemoveVectoredExceptionHandler
QueryDosDeviceA

user32

ClientToScreen

advapi32

ConvertSecurityDescriptorToAccessA
NotifyChangeEventLog

gdi32

RemoveFontMemResourceEx
CreateScalableFontResourceA
SetPixelV
GetCurrentObject
PatBlt

msimg32

AlphaBlend

iphlpapi

SetIpStatistics

d3dxof

DirectXFileCreate

Exports

Exports

Aqh
CkrnG
RGef
X8Kp2
k5q
tUHZmNr9MIsT80oVs2S2
uTQvfZpQ82uE

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 842B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ