17a7c4ddf7293cef008786ec4ed6a9b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17a7c4ddf7293cef008786ec4ed6a9b4
Size

67KB
MD5

17a7c4ddf7293cef008786ec4ed6a9b4
SHA1

2f1551399e5925f8c34d7e066bebd012bd3f1fe1
SHA256

bdce9c3a0c0d1d138fea977ae17db5a1e186a5ca4b74cf4aa54839de9e9389b2
SHA512

5f2e4ae901a31ec3c71ef046d91c77b0b21517d1ff60cf8e6bb47299b09f02171976490ad47b4134afd5f0adacafbf960ed569ccae1ee03783bb2d572fc8a0fe
SSDEEP

1536:ZmVseOunh0X1IDWRUPSdwLeZcXr1IDWRUPSdwLeZcX9DFWfiu5Kyox+EGCoADn:ZmVzOJFWdg+fBQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17a7c4ddf7293cef008786ec4ed6a9b4

Files

17a7c4ddf7293cef008786ec4ed6a9b4
.exe windows:5 windows x86 arch:x86

a1c25d376c9c11dc5368fdaed9a98b5c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
LoadLibraryA
lstrcmpiA
VirtualProtect
GetProcAddress
IsBadReadPtr
CreateThread
GetModuleHandleA

user32

DefWindowProcA
SendMessageA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Exports

Exports

func1
func2
start

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 691B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ