15924d2e55ccc1022622209558914eac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15924d2e55ccc1022622209558914eac
Size

100KB
MD5

15924d2e55ccc1022622209558914eac
SHA1

457afc230206a9cfb915fe6844ebdb4f502c5c10
SHA256

6c5c30368ac00a3ccf3ae6a5e82cf553079cd540615ba310a601110f2bac7ea1
SHA512

6f97c5268a73b0f278967d0596423e349bc3f43126f6ed0b386be260f324fa327dba7fc1dc33b13ee08e587331367cf44f1549af6d645ee9a06402381b411297
SSDEEP

1536:LBH1gXw0ocEXly+VpR181moAAIdHTjER4PrJ0FBeBfQS7J4RiqO:LV1gXw9FzkfUdHMfv247O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15924d2e55ccc1022622209558914eac

Files

15924d2e55ccc1022622209558914eac
.exe windows:4 windows x86 arch:x86

1a90d6bc6dcebd1e12ab7ffe979a0dcd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
MapViewOfFile
InterlockedDecrement
SetConsoleDisplayMode
ContinueDebugEvent
UnregisterWait
CallNamedPipeA
WriteProfileSectionA
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

CsrCaptureMessageString
RtlGetCallersAddress
ZwReleaseMutant
RtlAllocateAndInitializeSid
ZwAdjustGroupsToken
NtResetEvent
ZwQueryInformationProcess
RtlSplay
RtlAnsiStringToUnicodeString
NtOpenMutant
ZwInitiatePowerAction
ZwOpenIoCompletion
memcpy
RtlCreateEnvironment
ZwSetInformationToken
RtlDoesFileExists_U
RtlStartRXact
NtQueryIntervalProfile

Exports

Exports

AddWkpenpkxhe
GetOldynysajge
Utmbuyir

Sections

.i71
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ