598d21351248688d9df12aeb3160e01b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

598d21351248688d9df12aeb3160e01b
Size

20KB
MD5

598d21351248688d9df12aeb3160e01b
SHA1

b02c85bbd417d677e209cc93af0172837a00e12e
SHA256

7d0144229845993431613993105d0e41d30ae00913a9ce5782f700b7497d2a64
SHA512

60fc6d1f2c3dd8ff47d8a676a7202f5939f2c8740221638adb6e030bf3a2a1be8a149b617f2f8f352cbcdd8c3467def4720cfc33b0f1fd228b0175e1e94e7bec
SSDEEP

384:AZaHHoOOsyHj0wxfCbKlCvw2XTtHZ2GPdqt1kBoZ4x:AEIOgjxfCbKAZHXPAn9+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
598d21351248688d9df12aeb3160e01b

Files

598d21351248688d9df12aeb3160e01b
.exe windows:5 windows x86

08da5ec80406581b76eae64d14e4f631

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
IsWow64Process
GetCurrentProcess
GetCommandLineW
OpenProcess
GetLastError
DuplicateHandle
GetVersionExW
CreateFileW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
OpenFileMappingW
SetEvent
GetFileSizeEx
VirtualAlloc
VirtualFree
GetModuleHandleA
GetProcAddress
LoadLibraryW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ