Static task: static1
Behavioral task: behavioral1
  Sample: 5b58f1fc71222d5fdbbaddd7489ff0be.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 5b58f1fc71222d5fdbbaddd7489ff0be.exe
  Resource: win10v2004-20231222-en
General
Target: 5b58f1fc71222d5fdbbaddd7489ff0be
Size: 132KB
MD5: 5b58f1fc71222d5fdbbaddd7489ff0be
SHA1: c2efc284f1611a5795ac2f7ea344394e5b376a80
SHA256: c18b39725391fc52176c95ef586c37292f0aecb6be42fbee86ec51f3010dc8aa
SHA512: 299a55cc74ff8bf468998981db5bde8af1526ce50843e6850ca522dada1abd4f7cb7a5b46bffb48d9725c1a06ceabc4f5d06fa7b77117d01cd81bb034058808b
SSDEEP: 3072:DiHBQhrEiQvaqAgx0/VhQo/2ksL0Jw3M1C1BZBh1EimY:+vaqA2aYkr91C1BLh1LmY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5b58f1fc71222d5fdbbaddd7489ff0be
Files
5b58f1fc71222d5fdbbaddd7489ff0be.exe windows:4 windows x86 arch:x86
660a54738a98c23ef022b9f08c7e2823
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
  WinExec
  GetModuleFileNameA
  GetTempPathA
  GetModuleHandleA
  GetStartupInfoA
urlmon:
  URLDownloadToFileA
msvcrt:
  srand
  time
  rand
  fclose
  sprintf
  fwrite
  fopen
  _exit
  _XcptFilter
  _acmdln
  __getmainargs
  _initterm
  __setusermatherr
  _adjust_fdiv
  __p__commode
  __p__fmode
  __set_app_type
  _except_handler3
  _controlfp
  exit
Sections
.text Size: 4KB - Virtual size: 2KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 722B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 82KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 34KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ