be43f7e0344d9b77394a7ab96ca8806f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be43f7e0344d9b77394a7ab96ca8806f
Size

9KB
MD5

be43f7e0344d9b77394a7ab96ca8806f
SHA1

51df5b5af926f4a418dbd62701dc7424851cdcb8
SHA256

8d7711fc56a5a15f26348f8443b610453b54aafa2ea29a7e814bf6b994d8c68c
SHA512

1b65f13001a0be694a46f14c30783bdc357ef652a4a5006b6f65b64c31f09835cd1d4cd57ff4c88b29e72707788336913162e8781edb4b5d55387c1cc7df00e1
SSDEEP

192:YnZiwGgPHY68fWZRRC1u27H1NZu7lN3wI2K/v:YDpbi3I2Cv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be43f7e0344d9b77394a7ab96ca8806f

Files

be43f7e0344d9b77394a7ab96ca8806f
.exe windows:4 windows x86 arch:x86

c1b0a9ad96c283edda3db9b8ea482944

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
WideCharToMultiByte
lstrcpyA
lstrcatA
WaitForSingleObject
ExitProcess
GetModuleHandleA
GetCommandLineA
CreateEventA
GetProcAddress
CloseHandle
CompareStringA
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
GetFileAttributesW
SetFileAttributesA
WinExec

user32

IsWindow

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE