56e1e8f606638abd3e96aada17446994 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56e1e8f606638abd3e96aada17446994
Size

22KB
MD5

56e1e8f606638abd3e96aada17446994
SHA1

84ed725b7dcb9ff2041fe041e4b836075334ae13
SHA256

4f056e454da3e7882e6578213b8db6e1bcc2204eb1c81f21e104649cd96ac8b3
SHA512

1e3e0a6ee10e34dda0540e136bb4afa314063494896b22597540c9efb5799f7348fab6d68de63b936229c3084f7638ef197f2055249a947b4b77b430bcfd3101
SSDEEP

384:WyNfroc1h8ceFSdV/w5tPPfR9giMYCiiyeZY4Ii8Ix+hcGNtyPABncPn1:xfroc1iFSdV/w5f7MYCp3ZR8IxdS442N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56e1e8f606638abd3e96aada17446994

Files

56e1e8f606638abd3e96aada17446994
.exe windows:4 windows x86 arch:x86

7e166e0fcef04dd45a267f4ac5e6a019

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LoadLibraryA
GetProcAddress
lstrcatA
lstrcpyA
CreateProcessA
GetVolumeInformationA
GetTempFileNameA
Sleep
GetModuleFileNameA
GetTempPathA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateThread
GlobalAlloc
SetFileAttributesA
GetDriveTypeA
GetLogicalDriveStringsA
DeleteFileA
GetTickCount
ExitProcess
GetLastError
CreateFileMappingA
SetErrorMode
GetStartupInfoA
GetModuleHandleA

ws2_32

gethostname
bind
listen
accept
gethostbyname
shutdown
recv

msvcrt

_strdup
_controlfp
__set_app_type
sprintf
atoi
toupper
strstr
malloc
_except_handler3
fclose
ftell
fseek
fopen
fwrite
fputs
fread
memset
strlen
abs
strcat
rand
strcpy
strrchr
strcmp
strtok
free
srand
__p___argv
__p___argc
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_strcmpi

Sections

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE