683b3d7ed9d5bf78bf5f0a704ac27b0c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

683b3d7ed9d5bf78bf5f0a704ac27b0c
Size

812KB
MD5

683b3d7ed9d5bf78bf5f0a704ac27b0c
SHA1

8e2e81ddadcec02332c25712e317deaf643ada6d
SHA256

26521b73858cec5e71ba438d8d9cb22dbd188d68864c6ca4bb46109514956bdb
SHA512

6193e688232ac515f7a6552d4844177f64c9e9fef3bc21d7926427431e1f49a68403e95668baffec1b8351c2ffbb206cee4d3ef470c9adc85bfc3b41d4a93e1d
SSDEEP

24576:keSYtyp4W+BwFAT9JvKN6hPmZphTa8YS0Q61B:8Yo5eTatZbTHYS0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
683b3d7ed9d5bf78bf5f0a704ac27b0c

Files

683b3d7ed9d5bf78bf5f0a704ac27b0c
.exe windows:5 windows x86 arch:x86

868b1d3c08ac195fa3a89f4c28fcfe82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
CreateMutexW
SetCurrentDirectoryA
GetConsoleTitleA
SetEnvironmentVariableA
LeaveCriticalSection
GetCurrentProcess
SetStdHandle
FoldStringA
LoadLibraryA
GetProcessVersion
lstrcpyW
EnterCriticalSection
GetTickCount
HeapCreate
OpenThread
SetVolumeLabelA
GetPrivateProfileIntW
GetStringTypeA

aaclient

g_fnStartTransport
OpenKeyReader
LoadClientAdapter
OpenKeyReaderWriter

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.gdata
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jdata
Size: 800KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ