ZmU2ZGYw[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ZmU2ZGYw.exe
Size

959KB
MD5

41687e58130c8bdca248e1403e565afb
SHA1

6eda5da62e5073a67ff89dd89b85328dd2df73d1
SHA256

fef1f9664fde9b23754c691b15a05fdc35a51a0ceb8a18fb9a5a0166e6377c69
SHA512

6cd670e5f14a8d6fa1b5894a89cfe514d403f3f8dc82be9c83f86345be72d218844cd3f8c1c045deae6a292796d6d280efe49c8de724abda038c522407a14cde
SSDEEP

24576:TLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdAF:Pjrc2So1Ff+B3k796W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ZmU2ZGYw.exe

Files

ZmU2ZGYw.exe
.exe windows x86

216df81b1ef7bc2aa8ec52bbeef137c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAppendW

activeds

ord9
ord15

kernel32

CreateProcessW
GetSystemTime
lstrlenW
LocalFree

advapi32

CheckTokenMembership
CreateWellKnownSid

ole32

CoCreateInstance
CoSetProxyBlanket

Sections

.text
Size: 896KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ