Static task: static1
Behavioral task: behavioral1
Sample: 8f49da04859558447d5479d3204dbbd8.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 8f49da04859558447d5479d3204dbbd8.exe
Resource: win10v2004-20231215-en
General
Target: 8f49da04859558447d5479d3204dbbd8
Size: 216KB
MD5: 8f49da04859558447d5479d3204dbbd8
SHA1: c1805e8984692be2e1a05ef04b2cc7e2f27ea4d1
SHA256: d3d72fe9caf153881c30e78e5373d6544431f3c292700d3cd047cdbf2467675e
SHA512: a930483f1707fd406d3c3e189d1d6ddf37f4d865fa4b32e873c91f94d3654a86dc019e43ff4c7b6ee27cf69446d380f9c992162235a92fe3b7bc51a8fc7ce99f
SSDEEP: 3072:rcV7Z0KUjiKdIa0rRzBuMewLSPlNKwGNmJ30/wlj1o2Y:rgZTUjiS4BurxPlNKwGNmJ30ol
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8f49da04859558447d5479d3204dbbd8
Files
8f49da04859558447d5479d3204dbbd8.exe windows:4 windows x86 arch:x86
4f234a381965986d4b14498861dbd373
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetConsoleTitleA
GetFullPathNameA
SetEvent
ResetEvent
RaiseException
FindNextVolumeA
SetThreadContext
SetConsoleHardwareState
ReadConsoleA
CreateDirectoryExW
ReplaceFileA
GetSystemTimes
WritePrivateProfileSectionA
SetConsoleCursor
VirtualAllocEx
OpenJobObjectA
UpdateResourceA
GetSystemWindowsDirectoryA
WriteConsoleOutputAttribute
lstrlen
SuspendThread
SetDefaultCommConfigA
UnlockFile
GetFileTime
FindVolumeClose
wininet
FtpSetCurrentDirectoryW
InternetCrackUrlA
InternetUnlockRequestFile
FtpRemoveDirectoryW
ResumeSuspendedDownload
InternetQueryDataAvailable
FtpSetCurrentDirectoryW
InternetGetConnectedStateExA
Sections
.itext Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 204KB - Virtual size: 483KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ