c34838bef0202dc4954b4d60d7495ad9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c34838bef0202dc4954b4d60d7495ad9
Size

20KB
MD5

c34838bef0202dc4954b4d60d7495ad9
SHA1

f362f40b61efc4c369095f4834cdb7fd7570907e
SHA256

902bc0e3da96e68fe483af86b7511b64e1b95e08cef9297e7771719bff288bb1
SHA512

595421e8fa20255455e9ba4d93686abb227e4db15a263fbbe8703085ee0d54b399f0113e13c100095814b011f2488fd65534ecc3c73089f1b84cb47b4414e4b1
SSDEEP

384:sYWItdX4qPBEcc1nrKrjhXM53ToW3BJ0IQTDxMNPVZt:sYWGdoMIKrjhX23d3NZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c34838bef0202dc4954b4d60d7495ad9

Files

c34838bef0202dc4954b4d60d7495ad9
.exe windows:1 windows x86 arch:x86

a23344cab6eb20b61b699bcb195a7490

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
recv
send
socket

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

shell32

ShellExecuteA

kernel32

DeleteFileA
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
CloseHandle
GetTempPathA
GetTickCount
GetWindowsDirectoryA
CopyFileA
OpenMutexA
RtlUnwind
CreateFileA
Sleep
WriteFile
CreateMutexA
lstrcmpiA
CreateThread

user32

wsprintfA

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

crtdll

__GetMainArgs
_stricmp
tolower
atoi
exit
memset
raise
rand
signal
srand
strchr
strcmp
strncpy
strstr
strtok

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 92B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ