Static task: static1
Behavioral task: behavioral1
  Sample: bf61c4cfc54219dbc1553d66565ba35c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: bf61c4cfc54219dbc1553d66565ba35c.exe
  Resource: win10v2004-20240226-en
General
  Target: bf61c4cfc54219dbc1553d66565ba35c
  Size: 15KB
  MD5: bf61c4cfc54219dbc1553d66565ba35c
  SHA1: 63ac2124a5c92d3f8935947334fde98741f0b369
  SHA256: 304efaf14cd2ab52df42c37087185ed21aee93db4a3d8fe9d8ef9ed13292656d
  SHA512: 53d35d67c40b43bc14352ebebc64a670a32cd83019a42feff234ef26231526b44c97056c9ddc87b91f8df82562bd3d64283d9cbe8fc71a138b4086f4c1fc7068
  SSDEEP: 384:Ffpp58llxWgrSDtWw2KA9dwylv4hM+th:cjEtWw8OKv4hxh
Malware Config
Signatures
  Unsigned PE (1 IoC)
    Checks for missing Authenticode signature.
    Resource: bf61c4cfc54219dbc1553d66565ba35c
Files
bf61c4cfc54219dbc1553d66565ba35c.exe windows:4 windows x86 arch:x86
5d6ab438168065af6eb5146432931314
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  kernel32
    WriteFile
    CloseHandle
    CreateProcessA
    CreateFileA
    LoadResource
    FindResourceA
    CopyFileA
    LockResource
    Sleep
    ExpandEnvironmentStringsA
    GlobalMemoryStatus
    GetSystemTime
    GetCurrentProcessId
    GetProcAddress
    GetModuleHandleA
    GetVersion
    lstrcmpA
    CreateThread
    GetSystemDirectoryA
    GetModuleFileNameA
    lstrlenA
    GetVersionExA
    ExitProcess
    TerminateProcess
    GetCurrentProcess
  user32
    wsprintfA
  advapi32
    RegSetValueExA
    RegCloseKey
    RegCreateKeyExA
    RegCreateKeyA
    GetUserNameA
  ws2_32
    htonl
    htons
    inet_addr
    gethostbyname
    socket
    inet_ntoa
    accept
    send
    bind
    connect
    WSAGetLastError
    __WSAFDIsSet
    ioctlsocket
    select
    gethostname
    WSAStartup
    recv
    closesocket
    listen
Sections
  .text Size: 11KB - Virtual size: 10KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .rsrc Size: 3KB - Virtual size: 2KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ