5681db00bee13a1ab037d6bfba1f5d20N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5681db00bee13a1ab037d6bfba1f5d20N.exe
Size

150KB
MD5

5681db00bee13a1ab037d6bfba1f5d20
SHA1

112c028e2b517d3a1cf03824abaf365106df6126
SHA256

331702b6bfaad479385d9e490e23c904778375895c59e522dd8c03367c51362d
SHA512

01a652b6ce998fe93a632cc4d18f1a93c1a6a1430d398560845dffaee05ee0ba0e7691fc87e5c9dc66e576f17d695d41cfca9a5efb976119484f8434427f81ab
SSDEEP

3072:lBk8mIvuEPGb02TaQgNIdlPpKZd2AFm2gwjoonf0Ye0qb:lBPQAIbxKSKcw3nf0nVb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5681db00bee13a1ab037d6bfba1f5d20N.exe

Files

5681db00bee13a1ab037d6bfba1f5d20N.exe
.exe windows:4 windows x86 arch:x86

c825d892ec1994311831ac7bb64ddf1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSAGetLastError
recv
socket
connect
send
closesocket

kernel32

Sleep
LoadLibraryA
GetProcAddress
TerminateThread
lstrlenA
MultiByteToWideChar
ExitProcess

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE