d309a9c10abc5af24b2c159a35358b6d | Triage

Sharing

General

Target

d309a9c10abc5af24b2c159a35358b6d
Size

12KB
MD5

d309a9c10abc5af24b2c159a35358b6d
SHA1

f7eccbdb1ee369e0582e2843d6f82210ef08110b
SHA256

ee6b137d038f9f0e82fd7752a26abe1bb4988f83468496311e91bc5384e0fa0d
SHA512

0465bbf2404f4fe1e9ffa545a65340fb41282b2a8118f51f053060b0d4cdd99722e3f862da46d449ae556254b4444171451a559ac5e13a733514b38f3c443efe
SSDEEP

192:4GWgcT5niZEqGiD/Wl60Y9HzqoaqPGiiP8JkJG4aWwr:4GWZTMZJwb+uo9PGJG4aW+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d309a9c10abc5af24b2c159a35358b6d

Files

d309a9c10abc5af24b2c159a35358b6d
.exe windows:4 windows x86 arch:x86

c001de84588e82cbe9aed33fff7849cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
VirtualProtect
VirtualFree
VirtualProtectEx
ReadProcessMemory
OpenProcess
Sleep
UnmapViewOfFile
WriteFile
SetFilePointer
GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
Process32Next
FindClose
DeleteFileA
FindNextFileA
FindFirstFileA
CreateRemoteThread
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LoadLibraryA
TerminateProcess
GetProcAddress
GetLastError
GetCurrentProcess
GetModuleFileNameA
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTickCount
RtlUnwind

user32

MessageBoxA
wvsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE