bb0f8685be05dc780a2ccee9e162d0d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bb0f8685be05dc780a2ccee9e162d0d2
Size

95KB
MD5

bb0f8685be05dc780a2ccee9e162d0d2
SHA1

00e70f570e2c25fbff53595207c7cc8cb5937d4a
SHA256

bbc94e831d13f55fcb5f79ce087f1caec35c3377387defa867569a88b28a04fb
SHA512

e3871b38bb93873016c3a600aa9124ae472c2f53cbb1ec5309bfdf64633122b518f8d7dfe89acf112b2d3e577a9b608afb9057d525290f1b742fbfe231897f00
SSDEEP

1536:nwhq8V9IpPf2lgiIJ4pivJnuNVueC39GdBR3M9cR0:nqV9MziU4piRun7C3CP3MB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb0f8685be05dc780a2ccee9e162d0d2

Files

bb0f8685be05dc780a2ccee9e162d0d2
.exe windows:5 windows x86 arch:x86

0387d7197769bd3cd788524003bf2efa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

.MPRESS1
Size: 35KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE