ca006bc637f530599ad6d397d49a01d89ccfcc9918a9a2dd7d05a985d1f05563 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca006bc637f530599ad6d397d49a01d89ccfcc9918a9a2dd7d05a985d1f05563
Size

481KB
MD5

67b26616f3b49b627ce6a67015a8d438
SHA1

6f3ba13c195b6c93ac55917e42057b3aec369e24
SHA256

ca006bc637f530599ad6d397d49a01d89ccfcc9918a9a2dd7d05a985d1f05563
SHA512

d1c9407081120f0d4e2c7955eb74d29ff7582bd88c08f792045e7aff8cd310623e1705601fed6d3210ba82a02e2e2de161855d55605067e3e028b2ba51605833
SSDEEP

12288:/LNx9pgy7V2mAfqqEJBCv1rItoRtpmBwWKbIx0Iwl:/khmAfqq7lImSwWkU07l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca006bc637f530599ad6d397d49a01d89ccfcc9918a9a2dd7d05a985d1f05563

Files

ca006bc637f530599ad6d397d49a01d89ccfcc9918a9a2dd7d05a985d1f05563
.exe windows:5 windows x86 arch:x86

1e455102e78620fdc8b22de698d8ae0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

iocptcp

TcpInit

iocpudp

UdpInit

user32

GetDC

gdi32

LineTo

advapi32

RegCloseKey

shell32

SHChangeNotify

ole32

CoInitialize

oleaut32

SysAllocStringLen

ws2_32

htons

dbghelp

MiniDumpWriteDump

gdiplus

GdipFree

imm32

ImmGetContext

comctl32

ord17

psapi

GetProcessMemoryInfo

Sections

.MPRESS1
Size: 339KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE