5562874e61889147d1c8095dbe4cfceb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5562874e61889147d1c8095dbe4cfceb
Size

503KB
MD5

5562874e61889147d1c8095dbe4cfceb
SHA1

bbb5e668ce3407e9737110478bdbea5be6159cda
SHA256

0b7ba7992f2eb7f2474be11fb91b3b75e2f693a1eb8e33908611f092823d3639
SHA512

10668690da707d39f7f83066106ba27b33ec1e460ec12721fbd6e830dfd4c633eb8a886581845ef283f3754dc837a09cc5c5febd4c5adeb3e00e4ab8b79ebac4
SSDEEP

12288:OEAEIU+rl6rxkvaHAsptHSMrcwEGjRphD1D/j4QChlSc:OXUpxkvASMrcTgpB1DrAhs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5562874e61889147d1c8095dbe4cfceb

Files

5562874e61889147d1c8095dbe4cfceb
.exe windows:5 windows x86 arch:x86

2c8ac9bee2cebbd3aa0b64a2a367281c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
LeaveCriticalSection
SetStdHandle
GetStringTypeA
FoldStringA
OpenThread
GetProcessVersion
SetCurrentDirectoryA
GetConsoleTitleA
GetPrivateProfileIntW
DeleteFileA
CreateMutexW
lstrcpyW
EnterCriticalSection
LoadLibraryA
GetCurrentProcess
SetEnvironmentVariableA
GetTickCount
SetVolumeLabelA

aaclient

OpenKeyReaderWriter
g_fnStartTransport
LoadClientAdapter
OpenKeyReader

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gdata
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jdata
Size: 491KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ