c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5 | Triage

Sharing

General

Target

c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5
Size

3.7MB
MD5

d562a3dc03794d1780bd2e598393acbf
SHA1

7c29aada265f4632745971ab9ab8c8c150b33ef7
SHA256

c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5
SHA512

98099a6cfb6d1afec42849e9f470cf586f40da916d1b0e97ca77754ece222d7909c60d8833428342b2ae4bf3d8235b3981b587eedc5d66df035fca489d3d7591
SSDEEP

98304:ebdh18MZ4kY+ICn4Gw2mOaXgMmahOlZ8vBfgiQc9pL:eDZtICc2R0JmgiZ8v5glOpL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5

Files

c22d087aa0bfe81db7b582b527a565b92db7c953f8b9f0c0a2f3db3f0d614ec5
.exe windows x86

fef777dd92b68f64de22c1b8b410e334

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetVersionExA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmps0
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmps1
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ