d397b780778228da77fbcdf14380328d | Triage

Sharing

General

Target

d397b780778228da77fbcdf14380328d
Size

180KB
MD5

d397b780778228da77fbcdf14380328d
SHA1

bc36c0df66440700f321c52e21af3700996accd1
SHA256

a55926b04a5ed19cc42be0294b6d53ee48914c8dae254e844d1b28a1d98a862a
SHA512

20cf4f7405894b85c66ec68a55e89093977c66c407dfbc1458a39bb4633a7142bd944412f455ada5142b9f9d978274b382b5e54f1ae7cef46ee5e2716fa147de
SSDEEP

3072:YC2OvOtNQDoykoNYqQPlSf8v4mHKTp/7M4b7AS5hhMXptUeKQvoKLzrvdF662tm4:aOvOtDyhNYqQkf8QmHK9/71gS5LM5Wgk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d397b780778228da77fbcdf14380328d

Files

d397b780778228da77fbcdf14380328d
.exe windows:4 windows x86 arch:x86

a7ee8141b799ecd79381b636e2e1b8c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetThreadAffinityMask
LocalShrink
GetCommandLineA
DeviceIoControl
EnumResourceNamesA
GetFileAttributesExA
VirtualUnlock
GetFullPathNameA
GetEnvironmentStringsA
DuplicateConsoleHandle
OpenSemaphoreA
GetVolumePathNameA
CloseHandle
WriteConsoleOutputCharacterW
GetFileAttributesA
GetProcessHeaps
GetCommandLineA
GetDefaultCommConfigA
FindFirstVolumeMountPointA
lstrlenA
GetLogicalDrives
GetCurrentProcess
FatalExit
GetSystemDirectoryA
UnregisterConsoleIME
SetEvent
VirtualAlloc
InterlockedExchange
ExitProcess
SetHandleCount
DeviceIoControl
WaitCommEvent
OutputDebugStringA

ws2_32

recv

Sections

.itext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 156KB - Virtual size: 815KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ