Static task
static1
Behavioral task
behavioral1
Sample
98f819749c84b1d06eff8e1da60b9964e7d47387f895b4f13e8c4860e4e9bb6c.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
98f819749c84b1d06eff8e1da60b9964e7d47387f895b4f13e8c4860e4e9bb6c.exe
Resource
win10v2004-20240412-en
General
-
Target
98f819749c84b1d06eff8e1da60b9964e7d47387f895b4f13e8c4860e4e9bb6c
-
Size
18KB
-
MD5
de7e29b8859d3c95da3893e842be3c5f
-
SHA1
23182edcd853bd0953b2f168357df34df64192be
-
SHA256
98f819749c84b1d06eff8e1da60b9964e7d47387f895b4f13e8c4860e4e9bb6c
-
SHA512
98ae61393b9c84f2102335a7a6e4022e956085e3ab2902e1a3315fd8870c8ad3e852da823a2c1fc377cc0458d7698b8e6747de14980075433ac93ae23da58bbc
-
SSDEEP
384:kkPWTLNyswDM3hchVG1V95/W7d+zrNxGZ7loJd+vj3DWvVUdN2fn7KQCA:W0M32o13/W66GWA
Malware Config
Signatures
-
Unsigned PE 1 IoCs
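Checks for a missing Authenticode signature. The PE carries no embedded signature; on its own this is a weak indicator, since many benign binaries are also unsigned.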
resource 98f819749c84b1d06eff8e1da60b9964e7d47387f895b4f13e8c4860e4e9bb6c
Files
-
98f819749c84b1d06eff8e1da60b9964e7d47387f895b4f13e8c4860e4e9bb6c.exe windows:4 windows x64 arch:x64
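6660a59c6069a828a9fc06cc44fa65c4 (label lost in extraction; from its position this is presumably the PE import hash — confirm against the original report)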
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
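Imports (static import table; the listed functions show what the binary can call, not what it was observed doing)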
msvcrt
malloc
strcat
sprintf
memset
calloc
gets
vsprintf
getenv
system
abort
atexit
_getcwd
tolower
toupper
memmove
_vsnprintf
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs
exit
kernel32
WriteConsoleA
GetStdHandle
GetProcAddress
GetModuleHandleA
IsDebuggerPresent
VirtualAlloc
VirtualProtect
CreateThread
WaitForSingleObject
VirtualFree
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ