c23f94194f4053cfbcdfc43a4fbe675a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c23f94194f4053cfbcdfc43a4fbe675a
Size

39KB
MD5

c23f94194f4053cfbcdfc43a4fbe675a
SHA1

a857cd93e14671a200e2825a667157a487806b27
SHA256

261b34dba9313bd3b7fb352c367b4e55a6586c20e176cb12822ddb100cc2979c
SHA512

19f187295ecc36e5bc0b9ab1493df87bd1842c2203e8cfa6e2b37877d601a97578bb848b39946b09cf40240dd05c8270f0cf677a6689358ab28a74bc38355b39
SSDEEP

768:53jvL0T1elgDUW3y7EAZIvRO3SJlsehfLWeCotztjx+WJk+/Mwdq:1jzA1elgDkavw2Xhf5ztjx+AkwU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c23f94194f4053cfbcdfc43a4fbe675a

Files

c23f94194f4053cfbcdfc43a4fbe675a
.exe windows:5 windows x86 arch:x86

22b3b107c631385480afb144850481a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
lstrcmpiA
GetProcAddress
VirtualProtect
IsBadReadPtr
LoadLibraryA
CreateThread
GetModuleHandleA

user32

DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ