5bd06474d6a37d52b3b603804a9c8763 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5bd06474d6a37d52b3b603804a9c8763
Size

4KB
MD5

5bd06474d6a37d52b3b603804a9c8763
SHA1

6a978cabc0cec3e117408c4a964ca1e9988a163d
SHA256

56d3aa4826e8d32f059129a73af6a6b182a2f1c70c890e63f5f7d5f11fa2ae2c
SHA512

f3498f4e9b54571dcc95dcd6fe7f382347086ded9bffc949398d2cfcf69c323769f5a076eb3865ff46bf9f79eb700f4decf536f45898a1c213effd925bf756da
SSDEEP

96:JhvsPb+R4MM8T1cAevgHMSzP9stuZ8zzbmIxztAv:Jc+jM8BdjHfRsAZ8rmIx5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5bd06474d6a37d52b3b603804a9c8763

Files

5bd06474d6a37d52b3b603804a9c8763
.exe windows:4 windows x86 arch:x86

228b110a8e0b4a2a747c2ae3854ad8dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
lstrlenA
lstrcatA
GetLongPathNameA
GetTempFileNameA
GetTempPathA
DeleteFileA
CloseHandle
CreateFileA
lstrcpyA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
GetModuleHandleA
OpenProcess
ExitProcess
WinExec
CopyFileA
lstrcmpiA
GetSystemDirectoryA
GetModuleFileNameA
LoadLibraryA
ReadFile
GetFileSize
GetWindowsDirectoryA
GetLastError
CreateMutexA
TerminateProcess
CreateProcessA
GetStartupInfoA
SetErrorMode

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA
FindExecutableA

msvcrt

strstr
strlen
memset
sprintf
strcat
strcmp

urlmon

URLDownloadToFileA

Sections

Anskya
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 128B - Virtual size: 128B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE