e50c56dbbdebf61f7ca4ddfd15ffed70N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e50c56dbbdebf61f7ca4ddfd15ffed70N.exe
Size

17KB
MD5

e50c56dbbdebf61f7ca4ddfd15ffed70
SHA1

2dd0b8ece24987b6c32471071412e529ff7e2657
SHA256

5f4671347887d81c03c661e0d6ea82dbc1d79a2da21d205b053f9f3b9384c949
SHA512

dad8d4cbdeddf9266a37f203c4336dd6acd64d4458665191a2996c2dbc007df1a19a13f4d99dac9100fe1b398aba0dd92d22471c4719dce6bb7612d6f371ec76
SSDEEP

384:qdd/mIYPnZlhvjtOX2UYSYXasDWsTVHNFQc/bU:emIYP7h7zUYSqTZX/Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e50c56dbbdebf61f7ca4ddfd15ffed70N.exe

Files

e50c56dbbdebf61f7ca4ddfd15ffed70N.exe
.dll windows:6 windows x86 arch:x86

e29360c4369b07d2384e64a38d825636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\GangstaPatch\GangstaPatch\Release\Release\GangstaPatch.pdb

Imports

kernel32

CloseHandle
CreateFileA
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
FlushInstructionCache
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetSystemInfo
GetThreadContext
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
OpenThread
ReadFile
ResumeThread
SetCurrentDirectoryA
SetProcessAffinityMask
SetThreadContext
Sleep
SuspendThread
Thread32First
Thread32Next
VirtualAlloc
VirtualFree
VirtualQuery
WritePrivateProfileStringA

user32

EnumDisplaySettingsA
MessageBoxA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ