8dfb3f6a3bef1cd565d61a90b376a870 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8dfb3f6a3bef1cd565d61a90b376a870
Size

199KB
MD5

8dfb3f6a3bef1cd565d61a90b376a870
SHA1

c70e1039667df7bbd39cc01a186197ba8f5900dc
SHA256

eec173df028294a43d38e284dfb4a589a3f99e027733dc32ad0a766a4a7ba0ab
SHA512

4a1d5758279665619c3253cb171559140091908ea8d6d474e28cd9ef5e18fc8e6797148b60da7598ff540eaa2f079e864128d74d78b6c631c580dec4d2981026
SSDEEP

3072:v2ioQF76SBKOwRBxkAZLshsKs5u4Vah70lh81KUkJWoW5uTjJ+oyJ+8lTjXWI1c:v2irJ2RByCL1Kyu6jRUMWgjJDg+8Vj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8dfb3f6a3bef1cd565d61a90b376a870

Files

8dfb3f6a3bef1cd565d61a90b376a870
.exe windows:4 windows x86 arch:x86

2def80e33554c9fa7ba605b5986c9ebe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

bind
WSAStartup
listen

kernel32

CreatePipe
TerminateProcess
VirtualProtect

gdi32

SetRelAbs
StretchBlt
SetICMMode
ResetDCW
UpdateColors
SaveDC
TextOutW
SetDIBColorTable

shell32

SHAppBarMessage
StrRChrIA
StrStrIA

Sections

.text
Size: 38KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ