6b71d53c3ac8268d566a9a173469c585ef15593c649e07d8418a117b74d4fbcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6b71d53c3ac8268d566a9a173469c585ef15593c649e07d8418a117b74d4fbcd
Size

149KB
MD5

5bb6f943dbb3e8de7c5f4507a30b015e
SHA1

b3efdfa90080ef4298eeaee73dcc00e04a16577b
SHA256

6b71d53c3ac8268d566a9a173469c585ef15593c649e07d8418a117b74d4fbcd
SHA512

bf039e5a4ecf76daab0d61cd5be58b458168e4c49898dddd8078e8c61a38f073c78be8ce6e59e0f3193468ebff4cf0f46538e44a31ae48c20b646b0c0e0dedd3
SSDEEP

3072:lBk8mIvuEPGb02TaQgQO2lloB7qnL9aPmlxJ+Yrm11:lBPQJllwpoYY+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6b71d53c3ac8268d566a9a173469c585ef15593c649e07d8418a117b74d4fbcd

Files

6b71d53c3ac8268d566a9a173469c585ef15593c649e07d8418a117b74d4fbcd
.exe windows:4 windows x86 arch:x86

c825d892ec1994311831ac7bb64ddf1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSAGetLastError
recv
socket
connect
send
closesocket

kernel32

Sleep
LoadLibraryA
GetProcAddress
TerminateThread
lstrlenA
MultiByteToWideChar
ExitProcess

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE