002680b7027943639216f892aa71e221 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

002680b7027943639216f892aa71e221
Size

42KB
MD5

002680b7027943639216f892aa71e221
SHA1

526aacd85307595d3509455cc066ebe2e8aa4812
SHA256

3d688becb49d11b9a37d9a4673395bc9032d0739b9a4e169a65ebb6e51afd403
SHA512

8f7ae47a057056cc1064c54a6aa997e42a3f35474281ec0ccb510ad46ef7f17abc0f74bd37f6e0da0bbc9995168e707e2784961b5e0584b6ce91a118258439bf
SSDEEP

768:nrzTo0I1bvZWvy9Sj9sWFw8OgtDSE6jBAhXvdW92b56RyBuFzVGbw4f:nrzq5hoPj9rtdhSjEXvdWa5pBqGE4f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
002680b7027943639216f892aa71e221

Files

002680b7027943639216f892aa71e221
.exe windows:5 windows x86 arch:x86

8ee6b5c449038acd3c3a6478c515426d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
VirtualQueryEx
TerminateProcess
VirtualAllocEx
GetModuleFileNameA
GetModuleHandleA
CreateFileA
GetFileSize
SystemTimeToFileTime
WaitForSingleObject
SetEvent
GetTickCount
Sleep
CreateEventA
ReadFile
OpenEventA
CloseHandle
GetSystemTime
CreateThread
HeapAlloc
GetProcessHeap
ExitProcess
GetStartupInfoA
GetCommandLineA

user32

UpdateWindow
DispatchMessageA
ShowWindow
DefWindowProcA
CreateWindowExA
TranslateMessage
KillTimer
RegisterClassExA
SetTimer
GetMessageA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 950B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ