2f14560a17e1d6801eb48c33fa02064d8c4709fd15f1640fcb1344c4e8c8da56 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f14560a17e1d6801eb48c33fa02064d8c4709fd15f1640fcb1344c4e8c8da56
Size

6KB
MD5

dd7539a9fa6fc932081d494ab46fab7b
SHA1

c5bec9b73edab039f01b959dd9061ffe76e607f7
SHA256

2f14560a17e1d6801eb48c33fa02064d8c4709fd15f1640fcb1344c4e8c8da56
SHA512

bfe2a7efe0764c5c801ce2da6c20e96be447e67afc9fc946eebfa5fc7a716cbbcc5830ad50a047ba0e05accac925e1c1b8664d5859e0419e384d71a44a5b3281
SSDEEP

48:Sobt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uvO:d0mIGnFc/38+N4ZHJWSY9FI5WqAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f14560a17e1d6801eb48c33fa02064d8c4709fd15f1640fcb1344c4e8c8da56

Files

2f14560a17e1d6801eb48c33fa02064d8c4709fd15f1640fcb1344c4e8c8da56
.exe windows:5 windows x64 arch:x64

7c5f9b19847a4e36080308f0e2c5add5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CloseHandle
VirtualFree
GetProcessHeap
CreateFileMappingW
MapViewOfFile
OpenProcess
UnmapViewOfFile
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ