Static task
static1
Behavioral task
behavioral1
Sample
368735cc2ad0676c08b6ad903a6739e3005e271b8c9ffdd46ad34e5b586f7020.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
368735cc2ad0676c08b6ad903a6739e3005e271b8c9ffdd46ad34e5b586f7020.exe
Resource
win10v2004-20230703-en
General
-
Target
368735cc2ad0676c08b6ad903a6739e3005e271b8c9ffdd46ad34e5b586f7020
-
Size
22KB
-
MD5
de9a933e1bd50aa80081b1be6168739f
-
SHA1
57d49c3e13c00076966b6c8ed60771283fa5c1da
-
SHA256
368735cc2ad0676c08b6ad903a6739e3005e271b8c9ffdd46ad34e5b586f7020
-
SHA512
527b7be86b1891efa9016aa836f2223250deed5ce399d7258a6be45cd26f7c1153acad74e159fc64b3806cc8671d846eb199b90ddbd1387024201e2abcefe395
-
SSDEEP
384:lY2+cQewIfiWljK9p+AHUX1BQkebKEHL0fGQTek6dbbjF:lYSQ7IqsOUXzQkemwL0PTekCbn
Malware Config
Signatures
-
Unsigned PE 1 IoCs
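Checks whether the PE file lacks an Authenticode signature. An unsigned file's publisher and integrity cannot be verified from a signature, so this is a weak indicator on its own and should be weighed together with the other findings.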
resource 368735cc2ad0676c08b6ad903a6739e3005e271b8c9ffdd46ad34e5b586f7020
Files
-
368735cc2ad0676c08b6ad903a6739e3005e271b8c9ffdd46ad34e5b586f7020.exe windows x86
d601935e31bb07525a7471816758008d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
LocalFree
ExitProcess
VirtualProtect
VirtualFree
VirtualAlloc
lstrcpynA
ReadFile
lstrcpynW
GetModuleFileNameW
SetFilePointer
CreateFileW
GetCommandLineA
Sleep
GetFileSize
CloseHandle
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
LocalAlloc
OutputDebugStringA
user32
LoadStringW
MessageBoxW
shlwapi
wnsprintfA
wvnsprintfA
Sections
.text Size: 18KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 146B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1024B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ