Static task
static1
Behavioral task
behavioral1
Sample
c061564aa35e563ee334679ba37e4760.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c061564aa35e563ee334679ba37e4760.exe
Resource
win10v2004-20231215-en
General
-
Target
c061564aa35e563ee334679ba37e4760
-
Size
403KB
-
MD5
c061564aa35e563ee334679ba37e4760
-
SHA1
a2e4a52f16d250d5aa35380ef54fbe021e323b40
-
SHA256
c64b8745d4d8d13a41717c132f0e783f0ddc077bd86cb613ff46f5f1954bfbff
-
SHA512
05018654f74e6742d34a8b727e47503ab0dc7457a8e79ca1a2516e5dab13a8f661945c454a779fb025350476e5f57ed06cfb27b88dd787ed462b0911dad38926
-
SSDEEP
6144:aHMABL3CFa3Se9l463A+SltF0lsZTxprOUmdhEHzmvrttfax4sLUVZ8WiQGzkIOc:iVf3Se9O6wHrFCwTy3djRt2W80795
Malware Config
Signatures
-
Unsigned PE 1 IoCs
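Flags PE files that carry no Authenticode signature. Without a signature the publisher and file integrity cannot be verified; on its own this is a weak indicator, since many legitimate binaries are also unsigned.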
resource c061564aa35e563ee334679ba37e4760
Files
-
c061564aa35e563ee334679ba37e4760.exe windows:5 windows x86 arch:x86
017029425e04f287e07d4febc2545ae4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
AreFileApisANSI
lstrcmpiA
SetPriorityClass
GetCommandLineA
WaitNamedPipeA
GetConsoleCommandHistoryW
WaitForSingleObject
BeginUpdateResourceW
VirtualProtect
VirtualProtectEx
GetCommModemStatus
msvcrt
__crtGetLocaleInfoW
_ltow
_wperror
_lseek
__p__mbcasemap
_seh_longjmp_unwind
__initenv
__isascii
_cwait
_wfindfirst
_wstat64
gmtime
Sections
.text Size: 395KB - Virtual size: 395KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 274KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE