Static task: static1
Behavioral task: behavioral1
Sample: b6d797cdf61d4653a2681efeb11315e4.exe
Resource: win7-20240221-en
General
Target: b6d797cdf61d4653a2681efeb11315e4
Size: 449KB
MD5: b6d797cdf61d4653a2681efeb11315e4
SHA1: d864dd6de3156cf88ea280d295fdba3162f5172a
SHA256: 9dff7ab0f0acb3e9aa5ab3a6fa5a63bbf7d079b127c5f97446ba5024698f963f
SHA512: 280a39f1a92319a105cc8fe3bf10888a69bb70f12d0761fbb647bb7a76d2847fa696c36ff7cf1d0c3382be80de34397aca61e6d9b186571f65b0872e5aa42ecb
SSDEEP: 12288:YqxKMyboKFD4H6/IpDsCjTWPqPF9tztLAfE3:YqxUDG6/IpDzjTWCP7H8k
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b6d797cdf61d4653a2681efeb11315e4
Files
b6d797cdf61d4653a2681efeb11315e4.exe windows:4 windows x86 arch:x86
ba92246391d9b475c869bda0237e3ab8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
GetCurrentProcess
CreateFileA
LCMapStringA
ExitProcess
CloseHandle
user32
CloseWindow
wsprintfA
SetWindowLongA
CharLowerBuffA
CreateWindowExA
advapi32
RegQueryValueA
RegSetValueA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegEnumValueA
Sections
.text Size: 4KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ