Static task
static1
Behavioral task
behavioral1
Sample
d788e4ba2d73f262f79c54149d27d47b.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d788e4ba2d73f262f79c54149d27d47b.exe
Resource
win10v2004-20240226-en
General
-
Target
d788e4ba2d73f262f79c54149d27d47b
-
Size
8KB
-
MD5
d788e4ba2d73f262f79c54149d27d47b
-
SHA1
84f608f72e75d5221e352c04d351068d472d21e3
-
SHA256
94e2c79858861bef1b64b42192a1a8d4aca5bafea6f0cf7d7cc83772430e82ef
-
SHA512
60f2f876de79368a092c010af13787a70a573e1dbd4da1b6b98bf5761967cd876335d2aabd5861ad13998cde203905ed3c14f565e453a5dbf614069bb7517394
-
SSDEEP
96:ZObJoYNWMgTjVheBZlRFb80RDEkugkRfsBBsm/vOXabyqK/vY8hL55a2TO2nMmjc:ZOV+MgKVDyf8BsmeXLHtx7b/eIe9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
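Sandbox check: the sample is a PE file with no Authenticode signature. On its own this is a weak indicator, since many benign executables are also unsigned.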
resource d788e4ba2d73f262f79c54149d27d47b
Files
-
d788e4ba2d73f262f79c54149d27d47b.exe windows:4 windows x86 arch:x86
70ab296eb998bc6b5d6f84d7a69e49b4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
GetSystemDirectoryA
GetModuleHandleA
GetWindowsDirectoryA
Sleep
ExitProcess
GetVersionExA
CreateThread
lstrcatA
CopyFileA
lstrcmpiA
lstrcpyA
lstrlenA
CreateFileA
CloseHandle
GetCommandLineA
WriteFile
WritePrivateProfileStringA
lstrcmpA
user32
ExitWindowsEx
wsock32
htons
send
socket
listen
ioctlsocket
recv
connect
closesocket
bind
accept
WSAStartup
shell32
ShellExecuteA
advapi32
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE