56bc8f3ae761a88bfb9cbcafee6049fe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56bc8f3ae761a88bfb9cbcafee6049fe
Size

176KB
MD5

56bc8f3ae761a88bfb9cbcafee6049fe
SHA1

d362f7699bf2a12688862f2c48a8da7c8e61bf51
SHA256

800fc7f063546be88e5c3e34559bca8a9d8cee95cbea9b18703aec744a4587fb
SHA512

1f0c1230b978735c5011b6e6dbcb450d1b5015b2796de210e6ecc4251f13d1bef3b0f36709ef26c9a5c139beb2a2f72ced93bbb90e5bb7d04dfff5a037049b46
SSDEEP

1536:1cW9+hBAIfrwT9PfTQ8j2FejrfDfLCWVfMY4AQ0huvASlJs1CQd37zrAQ1pyxzWX:ShB7rGPfMe/rDVUy1oN4/JrAQ1Ixqv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56bc8f3ae761a88bfb9cbcafee6049fe

Files

56bc8f3ae761a88bfb9cbcafee6049fe
.exe windows:4 windows x86 arch:x86

c6fe6ff04b4411e1f410879b82752f61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadProcessMemory
GetThreadContext
GetProcAddress
lstrlen
GetModuleHandleA
TerminateProcess
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualAlloc
CloseHandle
FindClose
Sleep
lstrcat
FindNextFileA
lstrcmp
FindFirstFileA
VirtualQueryEx
Process32Next
lstrcmpi
Process32First
CreateToolhelp32Snapshot
lstrcpy
GetSystemDirectoryA
GetCurrentProcessId
GetModuleFileNameW
GetCompressedFileSizeA
GetTempPathW
OutputDebugStringW
WideCharToMultiByte
lstrcpyW
GetModuleFileNameA
SetSystemTime
GetSystemTime
GetCommandLineA
GetStartupInfoA
GetProcessHeap
HeapAlloc
OutputDebugStringA
ExitProcess

user32

wvsprintfA

Sections

PS�ի��
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�@�p;B
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��A
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE