5495b893d4684535a7ddc0dc50f1102a | Triage

Sharing

General

Target

5495b893d4684535a7ddc0dc50f1102a
Size

19KB
MD5

5495b893d4684535a7ddc0dc50f1102a
SHA1

fd0650d1a184f956b2421fd8727cc854368245fd
SHA256

e210fd5be518db073aa050fd9e46648f4b48a9a88cad060b2980d29bf0aed7cb
SHA512

67b660ec41e235491b889bc892329c21b61004fe2bc2a926672ea011f2f88c1e1565d39e5edc25c9d98eb417c7c3d1243873fabcc3a28b5b827b08c9102553f3
SSDEEP

192:rMwL34Sn18+WpbFv5DZ7bwlkaJ2YZ4M7IOOoZxkLlXZgGUDWnyBB49EnwUXCyHEJ:IwLP5WpfBbo/s7M7nzZKlJ/yRWdqy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5495b893d4684535a7ddc0dc50f1102a

Files

5495b893d4684535a7ddc0dc50f1102a
.exe windows:1 windows x86 arch:x86

1b51dbe324150688ce5e3a0742d34a26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

accept
htonl
SetServiceA
gethostbyaddr
listen
closesocket
bind
htons
sethostname

urlmon

ZonesReInit
DllCanUnloadNow
IsAsyncMoniker
IsValidURL
URLDownloadW
Extract
CreateAsyncBindCtx

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE