5324b3b56039c302acd8034680978b73 | Triage

Sharing

General

Target

5324b3b56039c302acd8034680978b73
Size

295KB
MD5

5324b3b56039c302acd8034680978b73
SHA1

146f62f5b464216f894ce913bbd0606622d058bb
SHA256

24299b34b38888684461eaff2617b38428cd851b70a10f5881ad9033bea6524c
SHA512

cb59646275ec0ff3e661361ce041bdc0de20967b532e58ff6ae55999ec0ec6e861371bc92fcec2c9424a8fd494e3aeceba11f02072b00046d7be38d7a8d1af8b
SSDEEP

6144:/Ox08UIwkGHu655ZPcexNM8xutdolFbIteB7qLHKJ8TVKJYoaGw:/Ox/UoGHu6nBxLAtdGFbbpz8TVKJYx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/bboth60912.exe

Files

5324b3b56039c302acd8034680978b73
.eml
dfx333.cab
.rar
bboth60912.exe
.exe windows:6 windows x86 arch:x86

6ef74f7b87fa15b6df54d064a5b8ef31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetCommandLineW
WriteFile
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
GetCurrentProcess
ExitProcess
GetExitCodeProcess
CreateProcessW
GetWindowsDirectoryW
VirtualProtect
IsWow64Process
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalFree
GetBinaryTypeW
lstrlenW
WideCharToMultiByte
EnumTimeFormatsW
GetConsoleOutputCP
WriteConsoleW

user32

LoadStringW
MessageBoxW

ole32

OleInitialize
OleUninitialize

msvcrt

towlower
malloc
memset

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
email-html-2.txt
.html
email-plain-1.txt