1ff79676f1235075d20700eb7bbbee5a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ff79676f1235075d20700eb7bbbee5a
Size

2.7MB
MD5

1ff79676f1235075d20700eb7bbbee5a
SHA1

dc9ae5f711615a1bc7a92356dba492675a5d932f
SHA256

17dcf1a421e58e9785f1a7d25e108bf06425e2c0d27c791185379b37c8be0625
SHA512

a770dd2b46d342ca6b20d98b9ff374db76bc929d9f5765c39141afb75a7aef72474cdb2dc0f233d7fa2393fafa19cf89513dc08ec061286b87dfc2a27c31dce9
SSDEEP

49152:rl8YBka9Y6ljLtH2Ac0J7RiC4PafPfEwp0NCFd7PjpC3eSLPRxYeArjRQt:rFHB0j0HiNvwp0NC3OROeA/RQt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ff79676f1235075d20700eb7bbbee5a

Files

1ff79676f1235075d20700eb7bbbee5a
.exe windows:4 windows x86 arch:x86

9c2d8c493b0e7f9d836dbf6d75a4c1fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcp60

_Wcrtomb
_Toupper

mtxclu

MtxCluBringOnlineDTCW
MtxCluIsSameNodeW
MtxCluTakeOfflineDTCW
Startup
MtxCluIsClusterPresentExW
MtxCluIsClusterPresent
MtxCluGetComputerNameW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDTCStatusW

kernel32

GetDiskFreeSpaceA
HeapUnlock
TlsFree
RtlMoveMemory
WriteFile
FindNextVolumeA
lstrcmpW
GetUserDefaultLangID
GetPrivateProfileSectionNamesW
Process32FirstW
GetVDMCurrentDirectories
VirtualAlloc
HeapQueryInformation
GetProcessIoCounters
GetSystemTimeAsFileTime
GetLastError

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE