ccba6705beea3be87e3dda24a926bd6a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ccba6705beea3be87e3dda24a926bd6a
Size

256KB
MD5

ccba6705beea3be87e3dda24a926bd6a
SHA1

e049bf494f4e92b3d8028d9273313656135ff072
SHA256

9255234d4a6b8393f45466873184c168ff4fb1192e8bf3cfcff8320549e592d7
SHA512

de7bec1e7cd1fb8d703f874df241ce89b23e9d11956ac1d118789e457247b19e7671bd8797a287f4745f143eea345e8fd7e5309c1590ccc2854a6c923c627af0
SSDEEP

3072:jUzgJBonqJ8/CWXtZkEimJhEdgtConknNP90tRg2VqdRWjlGwxviPL7:p+nG8/WmJvlkN10rqPWjlty

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ccba6705beea3be87e3dda24a926bd6a

Files

ccba6705beea3be87e3dda24a926bd6a
.exe windows:4 windows x86 arch:x86

46919eefc31fd652c2a09fe8df1e5cf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetObjectContext
GetHGlobalFromStream
OleRegGetUserType
StgOpenStorage
CoDisconnectObject
PropVariantClear
CoCreateInstanceEx
CLSIDFromProgID
CoUnmarshalInterface
StringFromIID

msvcrt

atol
sqrt
memcpy
log

version

VerQueryValueA
GetFileVersionInfoA
VerInstallFileA

kernel32

GetCommandLineW
LoadLibraryA
GetModuleHandleA
ExitProcess
GetVersionExA
GetProcAddress
GetLastError
GetCommandLineA
VirtualAlloc
lstrlenA
ExitThread
VirtualAllocEx
IsBadReadPtr
GetModuleHandleW

Sections

CODE
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ