e6917ed80b057527db44fde5839b0920[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e6917ed80b057527db44fde5839b0920.exe
Size

119KB
MD5

e6917ed80b057527db44fde5839b0920
SHA1

5cef60ba5bf2a620611452040c31ce78d63a5371
SHA256

93fa375c75da3d0cb7cd38c0666ad92a3785cd202fce10d3f765ae630822ac08
SHA512

89e6ae277f1db1608c533170e1585253625d91425f0a3f2500c26be854bec75d207f97d004ab91571c6922499f38f943f8762321b193220954106715953fc833
SSDEEP

3072:XU8G94XtY+4bpu04Qump8aq9RSUS8sIQruotvZE:XbG94ibHCmpTI3oA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e6917ed80b057527db44fde5839b0920.exe

Files

e6917ed80b057527db44fde5839b0920.exe
.exe windows:4 windows x86 arch:x86

854ec28b7a1e006da40b2d5856df0a87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lcreat
WakeConditionVariable
SetConsoleCursor
SetConsoleCursor
GetLongPathNameTransactedA
InterlockedCompareExchange64
FindFirstFileNameW
K32GetModuleFileNameExA
LocaleNameToLCID
InitAtomTable

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE