01636faaae739655bf88b39d21834b7dac923386d2b52efb4142cb278061f97f | Triage

Sharing

General

Target

01636faaae739655bf88b39d21834b7dac923386d2b52efb4142cb278061f97f
Size

12KB
MD5

6e4e030fbd2ee786e1b6b758d5897316
SHA1

625644bacf83a889038e4a283d29204edc0e9b65
SHA256

01636faaae739655bf88b39d21834b7dac923386d2b52efb4142cb278061f97f
SHA512

86a95a502500ff696002405248a77bace03da3b11c3993bddac80063e18b6c4f78cb673616f79f338c851086dcaa901f6d72f8ff9a95f79688e46bfab3d0ca07
SSDEEP

192:DEtiHbvXCOWBBH+gtwP/p24xDf0qGsikxrnw1oyn5LE5D3tK+c5Q:Qt+rXLwegtwHp2kfqb1TL4tK95

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01636faaae739655bf88b39d21834b7dac923386d2b52efb4142cb278061f97f

Files

01636faaae739655bf88b39d21834b7dac923386d2b52efb4142cb278061f97f
.exe windows:4 windows x86 arch:x86

05ac0512f3cfa17fca971eebb20647ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord800
ord823
ord1979
ord4204
ord6874
ord940
ord537
ord2818
ord825
ord858
ord540
ord535
ord354
ord665
ord5186
ord6385
ord3176

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
strstr
atoi
__CxxFrameHandler
malloc
free
_iob
_beginthreadex
sprintf
fopen
fprintf
fclose
exit

kernel32

GetStartupInfoA
Sleep
CloseHandle
ExpandEnvironmentStringsA
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
WaitForSingleObject
CreateProcessA
CreateFileA
GetTickCount
GetLastError
GetModuleHandleA
GetLocalTime

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ws2_32

closesocket
shutdown
recv
select
WSAStartup
send
connect
inet_addr
htons
socket
ioctlsocket
setsockopt

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE