85b4fc41092ba21657be48fd0c6cec3a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85b4fc41092ba21657be48fd0c6cec3a
Size

56KB
MD5

85b4fc41092ba21657be48fd0c6cec3a
SHA1

385f07f7374178e6f457d85189a1983237404a3f
SHA256

42ff8ffd521e89044fa9b6fb86e0e99295964522e0cb3aa9bc064c3fca9ee2a0
SHA512

02137e4a914093ae33f43806f969b18d7ec77e7681d614eb96a99daf34860a079f5e8b8eec8629d9bfcc1d22caba47e30cd0ed1b137664b87fed2f52db78463d
SSDEEP

1536:Ah1111CJVMe+T4v0RJbzro9Xdklgf8IUMm6vh:Ah1111dTk0RJX8JdQgf1Un6vh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85b4fc41092ba21657be48fd0c6cec3a

Files

85b4fc41092ba21657be48fd0c6cec3a
.exe windows:4 windows x86 arch:x86

2f61ada12182a8f09aa78ec66ff21902

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlCaptureStackBackTrace
SetVolumeLabelW
ConsoleMenuControl
IsBadStringPtrA
CreateFileMappingA
GetPrivateProfileIntW
GetThreadContext
FlushViewOfFile
GetTapePosition
Toolhelp32ReadProcessMemory

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE