fbb5a94e9c2aaa820665a871fcef9f10bbf0e9ce3cf05a76b52eddf0d442e84d | Triage

Sharing

General

Target

fbb5a94e9c2aaa820665a871fcef9f10bbf0e9ce3cf05a76b52eddf0d442e84d
Size

80KB
MD5

9aed09699f44fecfb07ee68dfc556c5d
SHA1

89a4fccf455034dd27758a2f03d22341bb1d736d
SHA256

fbb5a94e9c2aaa820665a871fcef9f10bbf0e9ce3cf05a76b52eddf0d442e84d
SHA512

58b81085a60e2e7bb53362a9369f242a61c46b2fea558fa4010f60bb47b7786162a589cb611db7d972b020f70461c8d61f28ee414f5f6abe0a405201785867be
SSDEEP

768:GoYZDGiB9Y5X1RfHom5Qxl2z64rLoDR07I66rC4qQxl2z64rLoDR07I66rC4:GLBAXPoIskz/oo16rXqskz/oo16rX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbb5a94e9c2aaa820665a871fcef9f10bbf0e9ce3cf05a76b52eddf0d442e84d

Files

fbb5a94e9c2aaa820665a871fcef9f10bbf0e9ce3cf05a76b52eddf0d442e84d
.exe windows:4 windows x86 arch:x86

a480371091e176d7d1c2c5c05e3de900

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetModuleFileNameA
LCMapStringA
GetStringTypeW
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
GetProcAddress
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
LCMapStringW

user32

MessageBoxA

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ