b5a90a11f51eb191bf8f3b2f407c2e27229b1da1d68cfccfeae0a2fe471f3a46 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5a90a11f51eb191bf8f3b2f407c2e27229b1da1d68cfccfeae0a2fe471f3a46
Size

4.9MB
MD5

3b0e0a92078bc74d78a6895686a4b329
SHA1

514bd7c96bc8028465075cb8b99eb3214b4cb59a
SHA256

b5a90a11f51eb191bf8f3b2f407c2e27229b1da1d68cfccfeae0a2fe471f3a46
SHA512

508f479374edc62d48651401404900c8b17148561f72a3926bfd9499b387fad0736f33b5db2628ccfb69f2ddfa49f90788a72aca6e6603165a9bcb8ac8ec7151
SSDEEP

98304:atfutQFsOgteYtbY2VZwKspS+4l1EQz+tiVp7r1KnfMT31sIQR:5tQ1ywKspS+i+0VpXwn4BQR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5a90a11f51eb191bf8f3b2f407c2e27229b1da1d68cfccfeae0a2fe471f3a46

Files

b5a90a11f51eb191bf8f3b2f407c2e27229b1da1d68cfccfeae0a2fe471f3a46
.exe windows:4 windows x86 arch:x86

71ce8c46a16dbcbe015e7766cba9e5d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
CreateProcessA
CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetTickCount
WriteFile
CreateFileA
SetFileAttributesA
FreeLibrary
GetProcAddress
LoadLibraryA

psapi

GetModuleFileNameExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

modf
_ftol
sprintf
srand
rand
strchr
atoi

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28.6MB - Virtual size: 28.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ