9813df005f70fed391f1008dc992b3f297182722356372d88bfa3a0d39875a1c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9813df005f70fed391f1008dc992b3f297182722356372d88bfa3a0d39875a1c
Size

6KB
MD5

878767099ca32f01788d3af1494fa636
SHA1

1c26a422b9de9e1ec94efd43ffa66f2718ee6eee
SHA256

9813df005f70fed391f1008dc992b3f297182722356372d88bfa3a0d39875a1c
SHA512

48caba0862e4a2e4903240e7293efcf7b665766f16eb9d40e245f0bc9e0ae7e1f33371e4fa4021695228c4964116e92ab4fa4624c558eaccd60a0ab1835e807a
SSDEEP

48:SNdbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9uj:+0mIGnFc/38+N4ZHJWSY9FI5WqVx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9813df005f70fed391f1008dc992b3f297182722356372d88bfa3a0d39875a1c

Files

9813df005f70fed391f1008dc992b3f297182722356372d88bfa3a0d39875a1c
.exe windows:5 windows x64

7c5f9b19847a4e36080308f0e2c5add5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualAlloc
GetModuleHandleA
GetProcAddress
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CloseHandle
VirtualFree
GetProcessHeap
CreateFileMappingW
MapViewOfFile
OpenProcess
UnmapViewOfFile
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ