6fdd6555bcfce8575187503f479b6367 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fdd6555bcfce8575187503f479b6367
Size

37KB
MD5

6fdd6555bcfce8575187503f479b6367
SHA1

4b19f94b0766f39009f68ef448fc47f4d47cbaf0
SHA256

00dbb34a71feb00e761f45a9001a08f15a5ca002fc240b1e5b4e2e506477cb6e
SHA512

b682c8819141a3494227c0073c3724e68e687c20ec3cc8969942d9abc05a812392ea79ac3299f2e153487eac2474a5dcd5e3ab4d9f4e75a83a16f9a31fb7a070
SSDEEP

768:JiLsGeBqa1szfKyPMc6awsFJ64lmxFGrTodOLgXq:JiwBqa1sTKyxUkL34Vq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fdd6555bcfce8575187503f479b6367

Files

6fdd6555bcfce8575187503f479b6367
.exe windows:4 windows x86 arch:x86

633afa27c4f4a216f826b54b2681373c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CopyFileA
CreateFileA
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
LoadResource
LockResource
OpenProcess
SizeofResource
Sleep
WaitForSingleObject
WinExec
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrlenA
VirtualFree
VirtualAlloc
ReadProcessMemory
GetCurrentProcessId
SetLastError
CreateRemoteThread
ResumeThread

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ