ffddced7a105592410c8995ecc166f49ef85888c1cabbbe57dc9aeadd244b2aeN[.]exe | Triage

Sharing

General

Target

ffddced7a105592410c8995ecc166f49ef85888c1cabbbe57dc9aeadd244b2aeN.exe
Size

130KB
MD5

9f3dd70948d04a624c0e6a4eefc90b60
SHA1

f319fb531415c9bc46dba7dc5b21dbae10ad1305
SHA256

ffddced7a105592410c8995ecc166f49ef85888c1cabbbe57dc9aeadd244b2ae
SHA512

898f92c57d6b1234d83c0d57959058f8be8d57699793287fbd470119a67ff3417b97d1ddacbdc79771224a4e96dc508b6e7f2723c765679e8c4a17f477a6ca41
SSDEEP

3072:PCzM+Ux+YpkUTQCU4PQ2tqZemF11LFtenLek/0E/0rD:J+UEsLTQCUs3SX1LF4nLP/dED

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffddced7a105592410c8995ecc166f49ef85888c1cabbbe57dc9aeadd244b2aeN.exe

Files

ffddced7a105592410c8995ecc166f49ef85888c1cabbbe57dc9aeadd244b2aeN.exe
.exe windows:5 windows x86 arch:x86

17dffd7ba77ee4cbb92976dd2a2c9b4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStringTypeA
GetPrivateProfileIntW
SetLastError
GetDriveTypeA
LoadLibraryW
GetProcessHeap
ClearCommBreak
HeapDestroy
HeapFree
GetFileAttributesA
TlsGetValue
ResumeThread
VirtualProtectEx
lstrlenA
CreateEventW
OpenMutexW
GetPrivateProfileSectionA
DeviceIoControl
DeleteFileA
DeviceIoControl
GetCurrentProcess

rasapi32

DwEnumEntryDetails
DwCloneEntry
DwCloneEntry
DwEnumEntryDetails
DwRasUninitialize
RasDialA
RasDeleteEntryA
DwEnumEntryDetails
RasDialA
DwRasUninitialize
RasDialA
RasDeleteEntryA
DwRasUninitialize

p2p

PeerEnumGroups
PeerFreeData
PeerPnrpStartup
PeerGetNextItem

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ