56cc5a969f0aabd88ac77a7a75bf1e4f | Triage

Sharing

General

Target

56cc5a969f0aabd88ac77a7a75bf1e4f
Size

377KB
MD5

56cc5a969f0aabd88ac77a7a75bf1e4f
SHA1

8aa104c3c65a17e1b2d3ff0d1a21b56bdb29976d
SHA256

b9f0962f6240161515d07716387d1860e95d1ecf4ebdd7da361a28f6b1f7eebc
SHA512

78ef98f0a9754c4eb3be97bd98db39d1faf486778e5db9f88ea2a71291caac59ca78c72d2fb026a2c4dca94fa654049ec273e6214d627de899a1b25f11f8b945
SSDEEP

6144:DT4MivsRMVue2d9rQnFdUFj1KGRqRo/T59AoHMD2SBDOhPcgjL8YpOyK4RJRSaSj:DTvD3JQnF6Fj4GRB5KOrui9OTMJRx0Qy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56cc5a969f0aabd88ac77a7a75bf1e4f

Files

56cc5a969f0aabd88ac77a7a75bf1e4f
.exe windows:4 windows x86 arch:x86

e90909d9d1c09cb37f17558e364654bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
CopyFileExA
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
VirtualProtectEx
OpenEventA
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
CopyFileA
GlobalAlloc
FlushConsoleInputBuffer
InterlockedExchange
RtlUnwind
IsDebuggerPresent
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
ExitProcess
CreateMailslotA
GetFileType

advapi32

RevertToSelf
LookupPrivilegeDisplayNameW
CryptImportKey
RegReplaceKeyA
CryptGetDefaultProviderA
CryptEnumProvidersA
CryptAcquireContextA
LookupPrivilegeNameW
CryptAcquireContextW
LookupAccountNameW

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ