79774e89310fcdf29b46281ae34c6fa8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

79774e89310fcdf29b46281ae34c6fa8
Size

14KB
MD5

79774e89310fcdf29b46281ae34c6fa8
SHA1

e08ac0d6237813d020a043b5adf0704a958f29a1
SHA256

4eac8b2481d3bfac477a64a34e27c4bdacada3e02801ab067b37c04bb9ea5ff4
SHA512

635c768169e636cd3b652c80e46303300d4aede7775b5d77ded36c55310b17075fab11f524d37776879e222727833a959d528ae87395eed310af95ff034af7b0
SSDEEP

384:Wr1j2No/+678IqEe47jHW4YX5LRiZQaFdyUYVN/VG:Mj1N8tGYbiqedyh5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79774e89310fcdf29b46281ae34c6fa8

Files

79774e89310fcdf29b46281ae34c6fa8
.exe windows:1 windows x86 arch:x86

c8f30ef6261b2f47f92babb1f362ab56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnumChildWindows
FindWindowA
GetMessageA
KillTimer
PostQuitMessage
RegisterClassA
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA

wsock32

closesocket
send
recv
connect
ioctlsocket
htons
socket
inet_addr
gethostbyname
gethostname
WSACleanup
WSAStartup

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
ExitProcess
FreeLibrary
GetCommandLineA
GetComputerNameA
GetFileSize
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
SetFilePointer
WriteFile

Sections

AUTO
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE