56dd85c52168f7986d8d6d1b6272201b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56dd85c52168f7986d8d6d1b6272201b
Size

276KB
MD5

56dd85c52168f7986d8d6d1b6272201b
SHA1

d5e139cfb197fb7fd53be3b5c7019ba5597a997f
SHA256

bc254e53c06ae6657bbda7f67825a311e74f82f5bb89eb7e3fae7eea82f614b0
SHA512

b37d55e32cc058249624256ea678f0894349cb43d88226bc7aef2167154c0a59017038d95ec55910d0e48ceb2f1ebfcfe1a07ff14e4ec5da10944b0ce298491a
SSDEEP

6144:MFnSzmfwk2cBLF8Ei6UuJOv/6tUmNOfscrdXoII:0Sz8mcZiEBUJvvPVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56dd85c52168f7986d8d6d1b6272201b

Files

56dd85c52168f7986d8d6d1b6272201b
.exe windows:4 windows x86 arch:x86

bd227ba966c127e93fe82f25f211eaca

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualFree
VirtualAlloc
GetProcAddress
ExitProcess
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
HeapAlloc
GetProcessHeap
HeapFree

user32

wsprintfA
MessageBoxA

Sections

.data
Size: 130KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rsc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ