Static task
static1
Behavioral task
behavioral1
Sample
b7c6a4c56e42b22fdcf4701356e64d49.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
b7c6a4c56e42b22fdcf4701356e64d49.exe
Resource
win10v2004-20240226-en
General
Target
b7c6a4c56e42b22fdcf4701356e64d49
Size
879KB
MD5
b7c6a4c56e42b22fdcf4701356e64d49
SHA1
681a07929573595066654717e0cfb4dcea5243d5
SHA256
7b9436bb3689b9e8ba56e43fc7d15439fe45d9a8a6a2551e067fe3361e26c875
SHA512
71df540f47e44eedea179847af88529a08348eaf9a0c722bd42077e80993fbc0e38f4432ee29ae315557f5183bf011bd709b1016a7b40d805fca26b623ce91b7
SSDEEP
24576:XtI5oHTnN7HTuHrCxC3R47dFFfvEdkXyK5fCyHNsX2Vl:X3nN7HTuLCY3MdFFnFyKZTsGVl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b7c6a4c56e42b22fdcf4701356e64d49
Files
b7c6a4c56e42b22fdcf4701356e64d49.exe windows:0 windows x86 arch:x86
77b2deee8f0c4cc27d4e9354da8a7336
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
ntdll
DbgPrint
DbgPrompt
NtPulseEvent
RtlUlonglongByteSwap
atan
kernel32
GetModuleHandleA
CreateFileA
GetLastError
WriteFile
ReadFile
GetVersionExA
ExitProcess
CloseHandle
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId
Sections
.text Size: 352KB - Virtual size: 352KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.trash Size: 508KB - Virtual size: 512KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 652KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 4B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ