Torpig miniloader_0F82964CF39056402EE2DE9193635B34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Torpig miniloader_0F82964CF39056402EE2DE9193635B34
Size

237KB
MD5

0f82964cf39056402ee2de9193635b34
SHA1

464a17b62b3b89d1a5b2f2cb5e6c7589c25a8a90
SHA256

70484a2a2ba530d910ca3f3919b2e128579eda1c4f55248d865412d85ddf15cf
SHA512

ffcdca939edf7bad43aea85a900574d5adf39a9f3aedc204d12fcc8364a95d598f32b6f5a9492a2e3c1f112244674ecd5863833f86508357421a236fd0f8838f
SSDEEP

3072:0jzq6CUaUOq3qtNXsn5iP842ZF5pEnTlPMf7F+jIDCn9ioxXAMCQ8k:A+UOkqXhSZFDeKf5XDPoxQM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Torpig miniloader_0F82964CF39056402EE2DE9193635B34

Files

Torpig miniloader_0F82964CF39056402EE2DE9193635B34
.exe windows:4 windows x86 arch:x86

Password: infected

8116f49d45d2fd55c990c058161bad0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

packaigee.pdb

Imports

shlwapi

PathRemoveBlanksA
PathIsDirectoryEmptyA
PathIsDirectoryA
StrFormatKBSizeW
SHRegWriteUSValueW
PathGetDriveNumberA
UrlIsW

kernel32

OpenThread
SetMailslotInfo
FindVolumeClose
GetPrivateProfileIntW
GetBinaryTypeA
SizeofResource
FreeConsole
GetThreadContext
EnumResourceLanguagesA
VirtualAlloc
FillConsoleOutputCharacterW
SetEvent
GetDriveTypeA
DosDateTimeToFileTime
HeapAlloc
ClearCommBreak
WriteFileEx
InterlockedIncrement
OpenEventW
CreateTimerQueue
RemoveDirectoryW
GetProcessHeap
GetFileInformationByHandle
WritePrivateProfileStructA
SetVolumeMountPointW
GetVolumeInformationW
RequestDeviceWakeup
MapUserPhysicalPages
GetFullPathNameA
GetFileSize

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ