YzlhMGI2[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

YzlhMGI2.exe
Size

226KB
MD5

b8e1e5b832e5947f41fd6ae6ef6d09a1
SHA1

a3ca8df5115ff13b75d21f2a475e8e60e5c9ed1e
SHA256

48d208b87b29d50bb160f336c94b681e232b0f90e8c02175e593d60737369c13
SHA512

1f4d0505ae510229db189f58b68b5e1329d8dcbcb7a464507a6f958ccbca992965dc327d824460f1d1e9e0f2ab8b978163705022ea096ae3f691ec5f681ee519
SSDEEP

3072:YFlevheSnU3SOw9/WjiY0HQGT8DtUnbEocTP2M4A:YaZe1Xw9/XTmKbzcTOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
YzlhMGI2.exe

Files

YzlhMGI2.exe
.exe windows x86

5398a31c02f982d19bdfe5ec49d2e4ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetProcAddress
LoadLibraryA
Process32First
Process32Next
GetSystemDirectoryA
HeapFree
GetLastError
HeapAlloc
CreateFileA
GetTickCount
GetComputerNameA
CloseHandle
GetTempPathA
CreateToolhelp32Snapshot
CreateProcessA
HeapCreate
VirtualAlloc
WriteProcessMemory
GetModuleFileNameA
ExitProcess
GetCommandLineA

shell32

SHGetFolderPathA
SHCreateDirectoryExA

ntdll

NtResumeThread
NtAllocateVirtualMemory
NtSetContextThread
NtWriteVirtualMemory

shlwapi

StrToIntExA

crypt32

CryptBinaryToStringA

user32

GetWindowThreadProcessId
wvsprintfA
FindWindowA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ