c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e | Triage

Sharing

General

Target

c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e
Size

36KB
MD5

f01a9a2d1e31332ed36c1a4d2839f412
SHA1

90da10004c8f6fafdaa2cf18922670a745564f45
SHA256

c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e
SHA512

fdbbae6e609820a62fe06a9eae2388d58fd99235ec0bd704e8e808d9bf03629195b5454cd19ac02e77d344791b345e9328f551af4852df0f95f91f6fd9a9b197
SSDEEP

384:xl+ZbDOfdyXM5ceI8cmoGfOyGPkof7DPzwVkgt+kFab6BCXS2brlszQ:T+4f9I8YCGPkm7GYkEb4CXSwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e

Files

c9d5dc956841e000bfd8762e2f0b48b66c79b79500e894b4efa7fb9ba17e4e9e
.exe windows:4 windows x86 arch:x86

2fa43c5392ec7923ababced078c2f98d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
gethostbyaddr
gethostbyname
recvfrom
sendto
ntohl
select
__WSAFDIsSet
socket
htonl
htons
bind
WSAGetLastError
ntohs
inet_addr
WSACleanup

kernel32

GetLastError
Sleep

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
strpbrk
_adjust_fdiv
fflush
fputc
fputs
_iob
strchr
fprintf
memset
printf
fopen
atoi
exit
puts
strcmp
strerror
_errno
_strdup
_assert
putc
vfprintf
calloc
malloc
_pctype
_isctype
__mb_cur_max
sprintf
strncmp
strcpy
strncpy
memcpy
strlen
ctime
time
strtok

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE