7a855c84fab750e0ae75784553b5b6bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7a855c84fab750e0ae75784553b5b6bc
Size

39KB
MD5

7a855c84fab750e0ae75784553b5b6bc
SHA1

d6ffb9ef27d77078437c4b038c87907c92007fae
SHA256

a6d606ec9e16fff841e1269b1eb4b09da99dbd0e8b441723fbaab3532f544d50
SHA512

d1bc7903402d902e8bd69dddd9cf9f749d8e3a0ef46d46b5d754d61c4bb4aa990a57c306e795f89905a193e6d25d9681bdde3f9eaaec17798c9fa8178f0c0d27
SSDEEP

768:5ZDdNgbgDUwKy9kIeybwC3CCFE+HGIsyLCTVWTBLtJBYBxUpv90A6dh8:7DPgbgDbP9wS7FvGIsKCJWtjsUh9018

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a855c84fab750e0ae75784553b5b6bc

Files

7a855c84fab750e0ae75784553b5b6bc
.exe windows:5 windows x86 arch:x86

90395b263efeeec8b775b61ece4123ff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
IsBadReadPtr
lstrcmpiA
CreateThread
GetModuleHandleA

user32

DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ