c8b4cbfc2cc2f68248643bbeee7e5902 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8b4cbfc2cc2f68248643bbeee7e5902
Size

5KB
MD5

c8b4cbfc2cc2f68248643bbeee7e5902
SHA1

13f59cb278b63083deea14d41343fb84394f2095
SHA256

5b9eb6e04c02cb7b9809477e060aea634a4918697c6b49bad567f443a9fb42bb
SHA512

374999dc29c403d8c7dbdaefd84244fcf60fceebd12978a146e62103c691b6b5b88b267219efaba224c1ef6560a057d4b92a1efe2e308647b3f6534a0c3bf254
SSDEEP

48:qr6+txs38J5NoukoAyWSBDZUdcb+x4lZxMPgPyhuPGva7vlxYVl9+RuqSAfu:s6QA8xDvA0JHlMgFcVuxXfu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8b4cbfc2cc2f68248643bbeee7e5902

Files

c8b4cbfc2cc2f68248643bbeee7e5902
.exe windows:5 windows x86 arch:x86

4f987bd4554e07695bdc072f30667ca7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Projects\far\artemsen\Sniffer\_Release-x86\16.0\FarSniffer.pdb

Imports

ws2_32

WSACleanup
bind
closesocket
gethostbyname
WSACloseEvent
WSACreateEvent
WSAStringToAddressW
WSAStartup
WSAResetEvent
socket
gethostname
WSAWaitForMultipleEvents
WSARecv
WSAGetOverlappedResult
ioctlsocket
WSAGetLastError

kernel32

CloseHandle
GetCurrentProcess
lstrcmpW
FreeLibrary
LocalFree
GetProcAddress
LoadLibraryW
GetCommandLineW
GetLastError
OpenEventW
CreateFileW
TerminateProcess
WriteFile

shell32

CommandLineToArgvW

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ