cdb6d128673dddeea7598436f27a612d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cdb6d128673dddeea7598436f27a612d
Size

32KB
MD5

cdb6d128673dddeea7598436f27a612d
SHA1

105de3c1f4f5c7c3bc89f9e3b19e4ab538021603
SHA256

a98dc208f9c209c69d5c4cab61c76ccc6c22bb2d7687b05a7b9ce0aa11b2d1a4
SHA512

564cd72ff3fd159d4d33355479135f2926c13549203b4fd0e33b358576073d7daf424a737fd1a7785fe8669901ecebc232e5de8c86dd9cf38b057895f0edbf06
SSDEEP

384:bTZ/6/iWLAU2W13TIgSNK1AeaV01JAPXmlLycnyZemjSauko1XX:GiWLAFqIg9aea+1JARE1mZuko5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cdb6d128673dddeea7598436f27a612d

Files

cdb6d128673dddeea7598436f27a612d
.exe windows:4 windows x86 arch:x86

f8c25bb5309edda26d02e722b6711478

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
CreateThread
GetLastError
SetHandleCount
GetStdHandle
SetStdHandle
LCMapStringW
CloseHandle
SetFilePointer
FlushFileBuffers
LCMapStringA
GetProcAddress
LoadLibraryA
VirtualAlloc
GetOEMCP
HeapReAlloc
GetCPInfo
ExitProcess
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
Sleep
GetEnvironmentStringsW
GetStringTypeW
GetACP
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
HeapAlloc
MultiByteToWideChar
GetStringTypeA

ws2_32

recv
inet_ntoa
setsockopt
connect
getsockname
WSACleanup
sendto
inet_addr
htons
WSAStartup
socket
closesocket
bind
WSAIoctl

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE