bfe30597ff13f956697bdf3430a583fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfe30597ff13f956697bdf3430a583fb
Size

23KB
MD5

bfe30597ff13f956697bdf3430a583fb
SHA1

56788f368d3eb6ef66f165f9d015f34852ec84cc
SHA256

4da8dcb74d92c6f2519de5d7972b3620c4b243d7cb79ba23657a1ad101b48758
SHA512

6a70f61c478674af9ff60ef883f89cec16bac215303f7cef4c8c7aac0051c2c686303c58ae8ab9082758c027f1b06bb9c74cec18439235458d7ad8af1922b513
SSDEEP

384:9E3sLwM4+YpfoiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiiriiiiiriii6:9kGwd+29F8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfe30597ff13f956697bdf3430a583fb

Files

bfe30597ff13f956697bdf3430a583fb
.exe windows:10 windows x86 arch:x86

22de704cf966652b93c31b3a18a72f1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shell32

ShellExecuteW

msvcrt

exit

advapi32

EventRegister

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

Sections

.MPRESS1
Size: 3KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE