571aaf13b1b3183b9c023301f89248d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

571aaf13b1b3183b9c023301f89248d0
Size

209KB
MD5

571aaf13b1b3183b9c023301f89248d0
SHA1

90b1469fa2ee0b6532d900fde5e7eda2da85b59e
SHA256

dd047b4aed5c5a6f38c80662e566c8fdbc55fa73abddcd0e45fc40c549bdae8d
SHA512

f71ebb37a1efef79e8af1fa35547fee6de33289d72db96d85d5e08799b0424c5154a33aba518c896f2c9e970bbe9bcb97e73e6f05e61b2f0ede603a071a9bfe4
SSDEEP

3072:5FavwmUwrg17NszHXG9yKZegWfLQ4NUhq+NNPJt9nKLRwi4tt1m2jGT/yF8fWsRG:bavHTE1p4G9ySWUDhq0Pf9NvrrD0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
571aaf13b1b3183b9c023301f89248d0

Files

571aaf13b1b3183b9c023301f89248d0
.exe windows:4 windows x86 arch:x86

201bd4e0b9013925100efd2f8f185774

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetTickCount
VirtualProtect
WaitForSingleObject
GetSystemDefaultLangID
GetProfileIntA
CloseHandle
AddAtomA
GetConsoleCP
SuspendThread
InterlockedExchange
CompareFileTime
WaitForMultipleObjects
HeapCreate
lstrlenA
HeapReAlloc
GetStdHandle
LoadLibraryExA
GlobalUnlock
GetVersion
GetCommandLineA

user32

EnableScrollBar
DestroyMenu
FindWindowA
CopyImage
IsDialogMessage
SubtractRect
ModifyMenuA
CreateMenu
CreateIcon
GetKeyboardLayout
SetWindowPos
SetPropA
DispatchMessageA
CreateCursor
GetMenuStringA
CreateCaret
EqualRect
InsertMenuA
InvertRect
GetKeyState
DrawCaption
DialogBoxParamA
CopyRect
GetDlgItem
MessageBoxA

netapi32

DsRoleFreeMemory
DsGetDcOpenA
DsGetDcNameA
DsRoleCancel
DsGetDcNextA

wldap32

ldap_add

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ