Static task
static1
Behavioral task
behavioral1
Sample
bb249e84572b187acd95e76ce019518289dade6b8b6cce93fbe356b3e7711ec3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
bb249e84572b187acd95e76ce019518289dade6b8b6cce93fbe356b3e7711ec3.exe
Resource
win10v2004-20241007-en
General
-
Target
bb249e84572b187acd95e76ce019518289dade6b8b6cce93fbe356b3e7711ec3
-
Size
17KB
-
MD5
7dde40cacb69b30b03f37c560175a480
-
SHA1
6fed44a1865341ad30fdcad992f37cc6587eafe9
-
SHA256
bb249e84572b187acd95e76ce019518289dade6b8b6cce93fbe356b3e7711ec3
-
SHA512
f171b486fe335bb9850b96bc5201ba56eccb80983db5a42f5f1502bb05f359fca73d4105aebd9703b710a84bf52ea37ad1a558b1cbb18acdeb6920cb67c2f9a3
-
SSDEEP
384:6Naj/gARN2QRf+jDVrFP77amTCjMjZQh:6N2gA1VWX7XZ
Malware Config
Signatures
-
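Unsigned PE (1 IoC)
The sandbox checked the file for an Authenticode signature and found none, so the publisher and file integrity cannot be verified from a signature. On its own this is a weak indicator, since many benign binaries are also unsigned.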
resource bb249e84572b187acd95e76ce019518289dade6b8b6cce93fbe356b3e7711ec3
Files
-
bb249e84572b187acd95e76ce019518289dade6b8b6cce93fbe356b3e7711ec3.exe windows:4 windows x86 arch:x86
b33c0d26c58c0cfadb6f4098b8fd5085
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
DeleteUrlCacheEntry
urlmon
URLDownloadToFileA
shlwapi
PathFileExistsA
PathFindExtensionA
kernel32
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
DeleteFileA
Sleep
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
WaitForSingleObject
TerminateProcess
CloseHandle
GetCurrentDirectoryW
GetCurrentProcess
OpenProcess
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapFree
IsBadReadPtr
shell32
ShellExecuteExW
msvcrt
sprintf
modf
atoi
_ftol
strchr
user32
MessageBoxA
wsprintfA
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE