ffa5607d83a442e6fbc358f2f6c7f1a1b001a72e176d169a4e6db0a1f5bc519dN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ffa5607d83a442e6fbc358f2f6c7f1a1b001a72e176d169a4e6db0a1f5bc519dN
Size

30KB
MD5

5f741641c88ed0a4967443336863f8f0
SHA1

f4786a302617119346d77b5a55d0b239f10979c4
SHA256

ffa5607d83a442e6fbc358f2f6c7f1a1b001a72e176d169a4e6db0a1f5bc519d
SHA512

6864241d58b8fe62c9cc365351b855462099610e1a13d2c2f601e6ca11b2ddf55bcba0bd3f1c12ec3cf7afebc254ffa480f960a00b4257103a41e7684477fafe
SSDEEP

768:4Q0FtbM5c3PXJiLAI1z1n48ViHYL+p111111:wLkcqAG1n48Vsbd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffa5607d83a442e6fbc358f2f6c7f1a1b001a72e176d169a4e6db0a1f5bc519dN

Files

ffa5607d83a442e6fbc358f2f6c7f1a1b001a72e176d169a4e6db0a1f5bc519dN
.exe windows:4 windows x86 arch:x86

8b1ce836b575e950163679a8a4e4d5e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

mfc42

ord2055

msvcrt

_except_handler3

user32

SendMessageTimeoutA

advapi32

RegSetValueExA

shell32

ShellExecuteA

ws2_32

htons

wininet

HttpAddRequestHeadersA

Sections

��
Size: 22KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PEC
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE