Static task
static1
Behavioral task
behavioral1
Sample
4075b01e92cf5bb84f20fa0b5f57f760N.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4075b01e92cf5bb84f20fa0b5f57f760N.dll
Resource
win10v2004-20240802-en
General
-
Target
4075b01e92cf5bb84f20fa0b5f57f760N.exe
-
Size
12KB
-
MD5
4075b01e92cf5bb84f20fa0b5f57f760
-
SHA1
d30d8cd98e56474b9b2302af1219149b11bd509c
-
SHA256
555a5b664a55d16a2a58706352baa027e5c88b9852db6687be35ac571fe7af6e
-
SHA512
43f480e1b699b88b3b11e01b7c1252f0c5c1d8f5ec2bb9dfbb2d97542b069dfd1a9a742250c96dc144f94bfe6ff3c5c14db872178be8381e76585bfd6d2fe0a7
-
SSDEEP
192:/AE6vGyWMrhHgxSNvtYNp9XgT74aebNjNr/NJ2F3FoImA:nMrKSNVE9wTcaYaF3FoI
Malware Config
Signatures
-
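Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The sample is not Authenticode-signed; taken alone this is a weak indicator, since many legitimate binaries are also unsigned, so it should be weighed together with the other static and behavioral findings.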
resource 4075b01e92cf5bb84f20fa0b5f57f760N.exe
Files
-
4075b01e92cf5bb84f20fa0b5f57f760N.exe.dll windows:4 windows x86 arch:x86
69f1e2f21f701fa3359a8897dded4d73
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WaitForSingleObject
OpenMutexA
GetLastError
CreateMutexA
CloseHandle
ReleaseMutex
CreateThread
GetModuleFileNameA
Sleep
MapViewOfFile
CreateFileMappingA
user32
wsprintfA
ws2_32
WSAStartup
socket
htons
gethostbyname
send
recv
closesocket
WSACleanup
connect
inet_addr
shlwapi
PathFileExistsA
msvcrt
_adjust_fdiv
_initterm
fwrite
fread
fopen
fseek
ftell
fclose
isalpha
isdigit
strtok
atoi
malloc
free
strstr
strncpy
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 902B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 764B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 440B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ