1c973b67f9f8dd621d24aa3122cbe249 | Triage

Sharing

General

Target

1c973b67f9f8dd621d24aa3122cbe249
Size

20KB
MD5

1c973b67f9f8dd621d24aa3122cbe249
SHA1

6e5af8b5e62beb4da209650bdf50c27a40743dde
SHA256

cf2b041d5d5eb31cd602249234181765c4c682d2e50858b24dcee3804160fd42
SHA512

dc5baee635c968632bc024c232191faca77d862fe11c78545b8df240f8c60aec8087997b09e62ff26fdabe12b2503ecba62a85a26d42feaad20aa9a034e93f14
SSDEEP

384:7kdPN608QmX8xhWado+evREsSHmqI73fuzZMc5Sq2N8CpWYIQPh1VRkQ:4SfvXWhfHepEsmS2zZMc5SX7kYIQZ1MQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c973b67f9f8dd621d24aa3122cbe249

Files

1c973b67f9f8dd621d24aa3122cbe249
.exe windows:1 windows x86 arch:x86

d8ea9f6fd6d05e5401bf8b6017b9ee59

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

ws2_32

htons

shell32

ShellExecuteA

winmm

mciSendStringA

user32

GetWindowTextA

advapi32

GetUserNameA

crtdll

__GetMainArgs

Sections

pec1
Size: 15KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE