67882d0eaec516c2686459d4436a7de2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67882d0eaec516c2686459d4436a7de2
Size

13KB
MD5

67882d0eaec516c2686459d4436a7de2
SHA1

663e662275dc395dea26a8b35b6a22cb7d3dfe55
SHA256

c18a1c8da0291db216535eae9e36367cc1e2a31380b37d27f0b2febbb02648c9
SHA512

065d7858bc6f8a2e63e3152b71bba90feaf3949fcdbf6d23e63f8c7fb25b38d40821fdf1611f33ba7613fc621d7c86f74625feeeeb5dea0245c21b2b55417d5b
SSDEEP

192:mT4I1ow5QTIlftfz7DoYgJlmQ64VMuGZf2s0QX0fP1oy:xYow5iwBDoY6mdduGZ/0QEn1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67882d0eaec516c2686459d4436a7de2

Files

67882d0eaec516c2686459d4436a7de2
.exe windows:4 windows x86 arch:x86

9fd8ee3746b889ebd0c5cb804199b260

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
socket
gethostbyname
htons
connect
send
closesocket
WSACleanup

kernel32

GetTempFileNameA
SetErrorMode
CreateFileMappingA
GetStartupInfoA
GetModuleHandleA
GetLastError
CreateThread
ExitProcess
GetTickCount
lstrlenA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
GetVolumeInformationA
Sleep
GetModuleFileNameA
GetTempPathA
CreateProcessA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot

msvcrt

_controlfp
_strdup
_strcmpi
fread
sprintf
atoi
fclose
ftell
fseek
fopen
toupper
_unlink
strcpy
calloc
_except_handler3
malloc
fwrite
fputs
strlen
strcat
rand
strstr
strrchr
strcmp
memset
strtok
srand
__p___argv
__p___argc
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.bss
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE