0314af9d383c06c7b386570c3858db6a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0314af9d383c06c7b386570c3858db6a
Size

11KB
MD5

0314af9d383c06c7b386570c3858db6a
SHA1

2cae0768c90063928f451b8c0a766a26518d11ee
SHA256

eb117036330983f6f5e0c7f08b37dfb1d5283ac2a4e9ea2c8c51b27702217d56
SHA512

bfc4c1b5b561aa224d8b60fcd0409aae3465164c202ad58a8de8c9c6f199e6656c8c9c5b3c6c90def504962320d03c8b2b12018dbe17659b5392238171db151b
SSDEEP

192:OSztUDNfWkrgP3mwiNq73auO7yBt9k0UMKgLBk6IiS:OSztAHwiNmauOe4LgLBk6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0314af9d383c06c7b386570c3858db6a

Files

0314af9d383c06c7b386570c3858db6a
.exe windows:4 windows x86 arch:x86

7fa2d7796fb7807a82cf344ed56146f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwOpenProcessToken
memset
RtlAdjustPrivilege
ZwClose
ZwDuplicateToken
RtlImageNtHeader
ZwSetInformationToken
strlen
memcpy
_snprintf

ws2_32

WSAStartup

kernel32

Process32Next
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
GetProcAddress
CreateThread
CreateMutexA
GetModuleFileNameA
CopyFileA
Sleep
MoveFileExA
ExitProcess
GetModuleFileNameW
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
VirtualQuery
SystemTimeToFileTime
GetCurrentProcess
Process32First
VirtualFree
SetFileTime
OpenProcess
GetLastError
lstrcmpiA
VirtualAlloc
RaiseException
CreateFileMappingA
CreateToolhelp32Snapshot
GetVersionExA
CloseHandle
GetTempPathA
SetFilePointer
WriteFile

winspool.drv

GetPrintProcessorDirectoryA
AddPrintProvidorA
DeletePrintProvidorA

shell32

ShellExecuteExA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ