6358baf646fc9771bd0e9d5558b1cb9a | Triage

Sharing

General

Target

6358baf646fc9771bd0e9d5558b1cb9a
Size

862KB
MD5

6358baf646fc9771bd0e9d5558b1cb9a
SHA1

9c97a4e96115c864b602b1c6491737a48a14010d
SHA256

04a3c57f95280a980bd5ebcde20f4728e5dafbf445cc3ac550b32836002b2dc7
SHA512

31c6ae172c63eaf4409d1ef34d2fdecca98755272519c133176f94d71a47ed297c931c8125debd29ea7acfb14c7c9fdc187b278b44cd66b0289174fbf819f118
SSDEEP

12288:o+FBomCpJ9a/tLhZxa4u1cl9WYvyzK/Ok0D1zP4zrw3pGs:TBomCpJ94LhZk4u1I9WYZ/CB4af

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6358baf646fc9771bd0e9d5558b1cb9a

Files

6358baf646fc9771bd0e9d5558b1cb9a
.exe windows:4 windows x86 arch:x86

4597a7e2ecd43affbbf3d5c89e2f5409

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAllocateVirtualMemory
NtAdjustGroupsToken

kernel32

Sleep

rpcrt4

NdrOleFree
NdrOleAllocate
CStdStubBuffer_AddRef
CStdStubBuffer_IsIIDSupported
NdrDllGetClassObject
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerRelease
NdrDllCanUnloadNow
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer_Release

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 7.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 335KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE