d68a8f2fb539657aff5eceb582cfb7c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d68a8f2fb539657aff5eceb582cfb7c3
Size

330KB
MD5

d68a8f2fb539657aff5eceb582cfb7c3
SHA1

c4a9c86828ecd6add4e5f7f29e51c4ce55c4b70e
SHA256

7f34c5b2e66633784cd5900710b2fe71f963d12f16135b9f42795bc5a55da4f8
SHA512

4d3393485fe3e9721e20ca8d88ad0c82e995038a23c080c905861d8d92d8585013e2eb80369009d2989837bfd26b33c4aca7ff89ab06eee3a0bd98e1d6b9ee1d
SSDEEP

6144:vLHnviIkzIsHFd1ZN6a4p8EuOHcjEoeuNzlE5EjuMcd9YX+zl1JzV1LTGNCj1+:DHvEzI+b1aa4p7uPjEhu3EckdSQ1Jzvw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d68a8f2fb539657aff5eceb582cfb7c3

Files

d68a8f2fb539657aff5eceb582cfb7c3
.exe windows:4 windows x86 arch:x86

4c79d2036893b06bd6ddc0b39de85556

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
SuspendThread
WaitForMultipleObjects
VirtualProtect
GetSystemDefaultLangID
InterlockedExchange
GetModuleHandleA
GetConsoleCP
CloseHandle
HeapCreate
GetVersion
CompareFileTime
lstrlenA
LoadLibraryExA
GetProfileIntA
HeapReAlloc
GetCommandLineA
WaitForSingleObject
AddAtomA
GetTickCount
GlobalUnlock

user32

GetMenuStringA
CreateCursor
SubtractRect
CreateIcon
GetKeyState
DispatchMessageA
FindWindowA
EnableScrollBar
SetWindowPos
CopyImage
InvertRect
InsertMenuA
ModifyMenuA
GetDlgItem
IsDialogMessage
DrawCaption
SetPropA
CreateCaret
MessageBoxA
DestroyMenu
DialogBoxParamA
CopyRect
GetKeyboardLayout
EqualRect
CreateMenu

netapi32

DsGetDcOpenA
DsGetDcNextA
DsGetDcNameA
DsRoleFreeMemory
DsRoleCancel

wldap32

ldap_add

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ