c781f6d8a234e00dd23dfe3a164f6320N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c781f6d8a234e00dd23dfe3a164f6320N.exe
Size

139KB
MD5

c781f6d8a234e00dd23dfe3a164f6320
SHA1

2e2bdc832cc1c0b5098e6a10b797735dd7cd954e
SHA256

b0ac7d520146069d4376b0a87069702c5300d7afd7bd793b53a6ea230d54c8cd
SHA512

35151db1305fc1c332a9b1b3ee8f375b1891e3a9170c276dd1da2c857bbba0a06d8b02b5c81c3f5e1eda20256e14fb1208abef356fe7f91eedb18cdc55eb2716
SSDEEP

3072:2h0S1otz15z7d1y3AWEJnAdz+kl7jd+pTBflnPSJytNtNw1zZtph:EL8z1BqACh+npTB9PSJytLNw1Nv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c781f6d8a234e00dd23dfe3a164f6320N.exe

Files

c781f6d8a234e00dd23dfe3a164f6320N.exe
.exe windows:4 windows x86 arch:x86

f3322f65ad4d6deedb8c2f104e1cbbc0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strlen
strcpy
strcat
memcpy
fread
longjmp
_setjmp3
fclose
frexp
modf
floor
_CIpow
atof
malloc
free

kernel32

GetModuleHandleA
HeapCreate
VirtualProtect
HeapDestroy
ExitProcess
lstrlenA
CloseHandle
CreateFileA
SetFilePointer
SetEndOfFile
HeapAlloc
WriteFile
HeapFree
HeapReAlloc

odbc32

ODBCGetTryWaitValue

Sections

.code
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ