20b82dc13ff5b0f63e1187c1da230849 | Triage

Sharing

General

Target

20b82dc13ff5b0f63e1187c1da230849
Size

297KB
MD5

20b82dc13ff5b0f63e1187c1da230849
SHA1

752baada6030e24379bdae17f08ab52afc365db2
SHA256

56cae44400f1cef921c863db27f422a621e24db846ea84e72e1fc2a78cd6f53e
SHA512

884ea8f1341dc27d15162e33aa47add16e7e32cb098ee5ee8d674c7719c77cc08955ba9ce62cc41b1d6888b77f52118c98ec54948f0656e7b3476c8f0a3da72f
SSDEEP

6144:1hJsZteAQrDF5uMmUE6CQ4Ui28fF2ai2xxH0OSvPmFOc8VNNSnDVo:TwYAQrDF5PZE/Q4Un8d2aNxHcvPFc8SC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20b82dc13ff5b0f63e1187c1da230849

Files

20b82dc13ff5b0f63e1187c1da230849
.exe windows:4 windows x86 arch:x86

e9f6317fcf4b3ee62fcf9632228f9b13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
ResetEvent
GetSystemTime
SetLastError
SuspendThread
HeapCreate
TlsGetValue
GetTickCount
GetCommandLineW
FindAtomA
GetDiskFreeSpaceW
CreateThread
CloseHandle
GetExitCodeProcess
GetModuleHandleA
CreateFileA
SetEvent
GetComputerNameA
LocalFree
GetFileAttributesA

advapi32

GetUserNameW
CreateServiceW
IsTokenRestricted
RegQueryValueA
RegDeleteKeyA
GetLengthSid
RegEnumKeyExA
CredFree
CloseEventLog
RegEnumValueA
RegCreateKeyExA
GetFileSecurityA
RegCloseKey

cryptui

WizardFree
LocalEnroll
CryptUIDlgSelectStoreA
CryptUIDlgCertMgr
CryptUIDlgSelectCA

powercfg.cpl

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ