24e920d158d7d27ba2e9b1f55598a690_exe32_JC[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24e920d158d7d27ba2e9b1f55598a690_exe32_JC.exe
Size

66KB
MD5

24e920d158d7d27ba2e9b1f55598a690
SHA1

fa5b243c10f15a75d77d03b70adf068bd0d2cdf5
SHA256

9bd19ff1950fa2a8ed9cfc8e588747be56910102fabed2eeeacb17eccc019372
SHA512

0886ad6d34d13f56016f87bdb7c1abf59369b60ed1252ca65f26dee9ff42a255ad97693f8587144867db195981c14b9a965d24ee8b278186ca91e9e6214a075e
SSDEEP

1536:Y7S0UslG8Fvhf3ItBInz4Sfhe59Skjqi+DIPOd/uAn1Qdvkrju2FY+UNoFTwdyFI:Y7PBq9le25gk/+YT9Shspgze

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24e920d158d7d27ba2e9b1f55598a690_exe32_JC.exe

Files

24e920d158d7d27ba2e9b1f55598a690_exe32_JC.exe
.exe windows:4 windows x86

604767a8a6f9bda39abde7774a8cd0c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
GetThreadIdealProcessorEx
SetProcessAffinityMask
QuirkIsEnabledForPackage3Worker
CheckElevationEnabled
GetPackageId
FindNextVolumeW
CreateSemaphoreExA
HeapCreate
QuirkIsEnabledForPackage3Worker

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 51KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE