cab9ba56e264feaf0e2812b368b02800d0f6bfa7b205d040765c8d4a0e2b4407 | Triage

Sharing

General

Target

cab9ba56e264feaf0e2812b368b02800d0f6bfa7b205d040765c8d4a0e2b4407
Size

1.9MB
MD5

89984b4d62b3092f0527fe87c1e5c6ca
SHA1

9bdcf0585839783b2086027c4102400f948c0d9b
SHA256

cab9ba56e264feaf0e2812b368b02800d0f6bfa7b205d040765c8d4a0e2b4407
SHA512

7a627fd2bdbc128b3675d04447bc1c32fb017fa106aafa90c8223840abdd2934d4db849a42acaa9c7b3c1ce2847d3914d42a05b89c069b435b5486c1011e7c84
SSDEEP

24576:4gEhCW2vAv8BX4JJGsouznF9CB4Pdotr95YRooqMKMCd+P1Cn/SUxOUAP3/LKpGG:4gEhavAv8XOGruLHCqSBYz/9C/+TUM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cab9ba56e264feaf0e2812b368b02800d0f6bfa7b205d040765c8d4a0e2b4407

Files

cab9ba56e264feaf0e2812b368b02800d0f6bfa7b205d040765c8d4a0e2b4407
.exe windows:5 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 149KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wxevsbyt
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

radplfbq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE