ddaf6bc7f3c7393bcaee2b45b1050740N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ddaf6bc7f3c7393bcaee2b45b1050740N.exe
Size

1.9MB
MD5

ddaf6bc7f3c7393bcaee2b45b1050740
SHA1

737c1e29b259d7c23298ac29a7b42ec0d5b0a09f
SHA256

2567d91e20f34d271474d62781d8d104509cb16a119bb5c6f0a545d0adede32a
SHA512

229d63f1226a520e10695ba7edac022d72c28c5f2073e2cf369c1a694db5a215470a6007cdf0b5a52f142e48f84377496cb00e3909ad96c67c96b29eea3578be
SSDEEP

768:e5wipCPjsyGqpZwMwfysDECgiK6ffoxWkdFyREKsomf0Hh5Dh3:e5JmsH+ZwMwfy/CLffSi2Bomf0Hh5d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ddaf6bc7f3c7393bcaee2b45b1050740N.exe

Files

ddaf6bc7f3c7393bcaee2b45b1050740N.exe
.exe windows:4 windows x86 arch:x86

4c58aacb5462d3af36b8fe41f278c9f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
free
srand
rand
memset

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

kernel32

LoadResource
GetFileSize
CopyFileA
FindResourceA
SetFilePointer
GetModuleFileNameA
GetSystemDirectoryA
CloseHandle
WriteFile
lstrlenA
CreateFileA
LockResource
GetModuleHandleA
lstrcpyA
GetTickCount
SizeofResource
CreateDirectoryA

user32

wsprintfA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tqn
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE