b560b25c79fc98e20bb80cad68ee1422 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b560b25c79fc98e20bb80cad68ee1422
Size

12KB
MD5

b560b25c79fc98e20bb80cad68ee1422
SHA1

5339b6715a40182d7d676f212483b852da6e986d
SHA256

9d7136c62da9432261efb36ba2d10d69e3cec5f12a21b7b8a85abd564285a0b9
SHA512

10de59fb912761c37337e65380b359d9b3f7a4e5bc4e71ebfb2e03a7a56da86ee20db8dd42022c08506eb29b1554567b7c6c10bc6f83e5bbbc0ee7baaf577e10
SSDEEP

192:n1WtkbVWB3d/25tlhtRRZct868agEtemU2gIXmVWn7cCldbswVgA:utOlhUUYXtn7dldbsTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b560b25c79fc98e20bb80cad68ee1422

Files

b560b25c79fc98e20bb80cad68ee1422
.dll windows:4 windows x86 arch:x86

f9323a952c39151ad03e7cda80365b55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsA
CloseHandle
Sleep
GetTickCount
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
WaitForSingleObject
CreateProcessA
CreateFileA
WinExec

mfc42

ord540
ord800
ord665
ord5442
ord3318
ord825
ord6385
ord1979
ord5186
ord354
ord823
ord2818
ord860
ord535
ord858
ord537
ord940
ord6874
ord4204

msvcrt

strrchr
_beginthreadex
rand
srand
__CxxFrameHandler
_iob
sprintf
free
malloc
fclose
fwrite
fopen
__dllonexit
_onexit
_initterm
_adjust_fdiv

wininet

InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

ws2_32

WSAStartup

iphlpapi

GetAdaptersInfo

Exports

Exports

Start

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ