TweakNT[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

TweakNT.exe
Size

32KB
MD5

d4ec6f5779d3d019bcab475f81f8839a
SHA1

8b9ba110c46ca5554d14d76167fd44bf66192546
SHA256

64cce20d4f335b20b9b497cd0c7107f28ed087d3a9e1db6e0b785a4b0703bec0
SHA512

080900119db995f1c3a765ac7e8c6a20792ebf0855d3eccd57032b996c9dc587470d7bda115c82d3879005d3c4531bb63bf90ddacfd3475eb39dac0d7a69c21c
SSDEEP

768:xESPXvjH55C8cnFX1FUoi2XMAydNTOepQEOW+mPeGv5REb3c:xJPXvjZE8cFX1qo9YTOepvrPeP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TweakNT.exe

Files

TweakNT.exe
.exe windows:4 windows x86

375c7402f8748b0ff0440c4212cdf8d8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

msvbvm60

__vbaVarSub

Sections

pec1
Size: 28KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE