Backdoor[.]Win32[.]Shark[.]gfc-bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c | Triage

Sharing

General

Target

Backdoor.Win32.Shark.gfc-bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
Size

305KB
MD5

5ff4b7f5334e8c4d1f6eefe5a0af1ff6
SHA1

1c65c72416a31fda76d6d824f8e739f8b24c40ea
SHA256

bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
SHA512

8fa34cdbc48b06131cd0d24bc337dce4498f0134c81fef44a81f16ee473104cf79a880d0499415c740941ff02ccdcd428ea2172f6156d23f6fb020b8dc21dde2
SSDEEP

6144:zdZOSoyCVuqaGqqCG6K3SidwlBUov2GBxgGNkVsuaRaU6mHG:pIx0UEHgA0aRz6mHG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Backdoor.Win32.Shark.gfc-bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c

Files

Backdoor.Win32.Shark.gfc-bd3026127fe5c6e161fd612c2779efa72aa7a7d1324226a435eae8202bc7413c
.exe windows:1 windows x86 arch:x86

2ed0b6e28b1e742765ef39a145eeeeec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
DeleteFileA
ExitProcess
WriteFile
GetCommandLineA
lstrcatA
GetTempFileNameA
GetTempPathA

crtdll

_mkdir
_getcwd

shell32

ShellExecuteA

shlwapi

PathQuoteSpacesA
PathAddBackslashA

user32

wsprintfA

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gu_idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ