101485fc00f88e36ad17aafe2277cbdfe8c4a77d72666123364d9e1ec8ecc369

General

Target

101485fc00f88e36ad17aafe2277cbdfe8c4a77d72666123364d9e1ec8ecc369
Size

74KB
MD5

86e12fd66d19af655d941d33c7339119
SHA1

9d8f52a1dd65c9f2cdee7850fa3c26f9f85fb8c4
SHA256

101485fc00f88e36ad17aafe2277cbdfe8c4a77d72666123364d9e1ec8ecc369
SHA512

115d57761c612d230546d89de50254a2b88a16c990cc137db4a7cd45161f9eb41f9d1f976517269a57d4a403d9c57a75d3977baebe6b8795a4d2d976c530895a
SSDEEP

1536:+QG2DKKF5N98CzzvhibTMXCELe9Tm3g5M6BkvW2PzXNX0G3:LwKzjEbTMyWedelO2rNR

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xa.exe

101485fc00f88e36ad17aafe2277cbdfe8c4a77d72666123364d9e1ec8ecc369
.zip

Password: infected
xa.exe
.exe windows:4 windows x86 arch:x86

042c3e0dabd645f5ceb44bd41cdd4002

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
Sleep
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
HeapFree
FreeLibrary
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
GetModuleHandleA

msvcrt

exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
??2@YAPAXI@Z
free
realloc
??3@YAXPAX@Z
_acmdln
_stricmp

Exports

Exports

Hai

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE