Builder #6[.]exe[.]infected | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Builder #6.exe.infected
Size

1.3MB
MD5

4caed3373183b76693cebb8f917faa1f
SHA1

10d2a0c799b6231bc90d66fe59a8245e74bbbaf0
SHA256

a4b302ddaecc5ca50b48152644e3a101d389ed6b72abeb3c610f5f1facaf4547
SHA512

83670f489cb7e4be492e3361ba2291dc725ce5ce7694c5f6e9c988b680dca4147042b2ae8c0d2e78bbda5fa2d6b8c7ca83c8299bd4f1594107262ca26d276128
SSDEEP

24576:9+wX5srLfqvsEdM1QwQEKLQk1HffVIjoX4MdFJnr89DP+:0i0E2/pAJfzX4+FJr8RP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Builder #6.exe.infected

Files

Builder #6.exe.infected
.exe windows:4 windows x86 arch:x86

51d5f507286fe9a2db75f423fbc06a61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

fabs

comctl32

InitCommonControls

user32

IsChild

gdi32

BitBlt

ole32

CoInitialize

shell32

ShellExecuteExA

winmm

timeEndPeriod

shlwapi

PathQuoteSpacesA

Sections

.MPRESS1
Size: 1.3MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE