c0381455323b2b117bcd7f1db08df55d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0381455323b2b117bcd7f1db08df55d
Size

206KB
MD5

c0381455323b2b117bcd7f1db08df55d
SHA1

49ebe1669a32ab29d38aa4e8b9f4e438ef489629
SHA256

4fc74624ecaab1563f2d4b069d405c119f39e25a486b469be7fd2f102998bb39
SHA512

cbe4317f4636f754abfafc8edea2e115103ef2976c0e548a60a259956b663ff60a7c68b8c21753c3537a81551a51464448b830081af0496216a30c53718ee573
SSDEEP

6144:vyqhODiJ4hfV4uRxnwei8ej0EJfhs+5kKFVBfKKnsT:vyfx4uR9JejNt+4VB1Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0381455323b2b117bcd7f1db08df55d

Files

c0381455323b2b117bcd7f1db08df55d
.exe windows:4 windows x86 arch:x86

2e9cbe8ca600ebd19f47f3a94f8e2158

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
CreateFileA
VirtualAlloc
FindAtomA
ResetEvent
GetModuleHandleA
HeapSize
GetEnvironmentVariableA
GetCurrentDirectoryA
ExitProcess
FindVolumeClose
GetExitCodeThread
ResumeThread
GetFileSize
IsBadCodePtr
SetEndOfFile
DeleteFileA
FindVolumeClose
SetFileAttributesA
EnterCriticalSection
HeapDestroy
WaitForSingleObject
ReleaseMutex
GetCommandLineA
CloseHandle

wininet

FtpOpenFileA
FtpPutFileA
FtpCreateDirectoryW
DeleteUrlCacheEntryA
DeleteUrlCacheEntryA
HttpEndRequestA
HttpQueryInfoA
FtpGetFileW
FtpDeleteFileA
DeleteUrlCacheEntryA
FtpGetCurrentDirectoryW
FtpFindFirstFileA
FindCloseUrlCache

sisbkup

SisRestoredLink
SisRestoredLink
SisRestoredLink
SisRestoredLink

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ