1713628c525e1befdf4859f8ce04ea30 | Triage

Sharing

General

Target

1713628c525e1befdf4859f8ce04ea30
Size

299KB
MD5

1713628c525e1befdf4859f8ce04ea30
SHA1

9ec3547f4ee77c65de28b9bfb632ed989e403391
SHA256

5cfb74339baccb1619c49a04ab1ef607734854a56cefffae74e5b4cb61488ae6
SHA512

22efb8ecf0614672c9b53e29732e22782715a1273909b468f33c9ae7cf15823b7ad5a33e7fc7862a0125cc75e364320a9b32ca702c898e61df2cc90d591ad01d
SSDEEP

6144:lQfE6vxBmH6YUqVPojT11HZ1skvNalJpvdtGls1iEJnWbjUFI:4BmcqlcT1N9A5bGwiEUwFI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1713628c525e1befdf4859f8ce04ea30

Files

1713628c525e1befdf4859f8ce04ea30
.exe windows:4 windows x86 arch:x86

93d44ef24318abd404972c53264baab4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
CloseHandle
GetSystemTime
GetComputerNameA
GetTickCount
HeapCreate
FindVolumeClose
GetDiskFreeSpaceA
lstrlenA
GetDriveTypeA
LoadLibraryW
SetLastError
LocalUnlock
GetDateFormatA
LocalFree
GetCommandLineW
ResumeThread
GetModuleHandleA
CreateThread
ResetEvent

advapi32

GetFileSecurityW
RegDeleteKeyA
FreeSid
GetUserNameA
RegEnumValueA
CreateServiceA
RegEnumKeyExA
CloseEventLog
RegCloseKey
RegCreateKeyExA
GetLengthSid
IsTokenUntrusted
RegQueryValueA

clbcatq

SetSetupSave
DllGetClassObject
ComPlusMigrate
CheckMemoryGates
SetupOpen

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ