a2f06222aeee0c48cfa24736ddfc8fc79a99fb492c31759fe7642cfd37eb564fN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2f06222aeee0c48cfa24736ddfc8fc79a99fb492c31759fe7642cfd37eb564fN
Size

2.0MB
MD5

eca4c475a15f04afe1a1f07a17b5f480
SHA1

359843322abdd001969a41e7be4639f876c5c514
SHA256

a2f06222aeee0c48cfa24736ddfc8fc79a99fb492c31759fe7642cfd37eb564f
SHA512

8400f95ecc75e87901ede4bfe2a1c9fb98a2f582c40843e413770bc63f03538f500b32c2377fdbf7d9b2de0443c191792de907e982a32620e20a31b62ad1a9bb
SSDEEP

49152:lAme+c1Rb4+uvGxgmBDXa2FWchNUF7iSeQgjJhGo:CocY+uextBDfF/O1mjfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2f06222aeee0c48cfa24736ddfc8fc79a99fb492c31759fe7642cfd37eb564fN

Files

a2f06222aeee0c48cfa24736ddfc8fc79a99fb492c31759fe7642cfd37eb564fN
.exe windows:4 windows x86 arch:x86

c825d892ec1994311831ac7bb64ddf1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
WSAGetLastError
recv
socket
connect
send
closesocket

kernel32

Sleep
LoadLibraryA
GetProcAddress
TerminateThread
lstrlenA
MultiByteToWideChar
ExitProcess

oleaut32

SysAllocStringLen
SysFreeString

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE