ac49c0080f626f8f5977b3d6e9bbc8c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac49c0080f626f8f5977b3d6e9bbc8c3
Size

21KB
MD5

ac49c0080f626f8f5977b3d6e9bbc8c3
SHA1

3d3619179ba326abb2cdc9c04770c8a3d443a2e9
SHA256

662a7ab53277c085f6838730cca0d937dbef9808e3ea1a922502dab7c6c2f9dd
SHA512

6c556e186ec2cc0b1ae04e96f6c648c64ecc23526f145a6cf61a03686fadd7a2818293735c94f17d623f5e7249f0010e37e0cfb6b6f256f6afa941346bb98a89
SSDEEP

384:iPOvaC14V8kk8mhzzg9wCqp+Wgsj/Y7nl+/3vt9SLK8InmVyU4p7Eheyu4vuzAVv:sjCBRgtSft9SsmVapkewvuzaF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac49c0080f626f8f5977b3d6e9bbc8c3

Files

ac49c0080f626f8f5977b3d6e9bbc8c3
.exe windows:4 windows x86 arch:x86

d66f66c3a2715b641a7207f2dbfa26c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
lstrlenA
Sleep
lstrcmpA
FindClose
UnmapViewOfFile
FindNextFileA
FindFirstFileA
lstrcatA
lstrcpyA
GetVersionExA
CreateThread
GetModuleFileNameA
CreateFileA
CloseHandle
LockResource
LoadResource
FindResourceA
CopyFileA
GetSystemDirectoryA
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetVersion
GetEnvironmentVariableA
HeapAlloc
GetFileSize
CreateFileMappingA
MapViewOfFileEx
GetProcessHeap
CreateProcessA
WriteFile
ExpandEnvironmentStringsA
GetCurrentProcess
TerminateProcess
ExitProcess

user32

wsprintfA

advapi32

RegCreateKeyA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
RegQueryValueExA

ws2_32

htons
inet_addr
gethostbyname
socket
inet_ntoa
connect
bind
closesocket
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
recv
accept
listen

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ