024dbea5d00ecf298977d3e4968e1668 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

024dbea5d00ecf298977d3e4968e1668
Size

20KB
MD5

024dbea5d00ecf298977d3e4968e1668
SHA1

6fc5f486e22cf7c1395a1e87c9ad7e5206bfbb5d
SHA256

e800e4578064fd9b50eba5b0d5cf22eba4477f74ebd5b17e59ceae53ec5c3458
SHA512

58268644bdfaa12f053153ee92e05742827b638b0a6cd4232a5dc45fb3512b7c1795e3c5a615465af2334d132229c4f5ce7b00ad5f61d996ede3bb01a887f203
SSDEEP

192:bNWEpmwbaGIiKfH/N2yEhC8yLuiMwnyALdRP1oy:bNlp1baRiEH/N2yEhCXLuiMwnl1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
024dbea5d00ecf298977d3e4968e1668

Files

024dbea5d00ecf298977d3e4968e1668
.exe windows:4 windows x86 arch:x86

bdb6e4113ed650d9d58a6e923fe0e846

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LoadLibraryW
ReleaseMutex
GetLastError
CreateMutexA
SetLastError
Sleep
GetCurrentDirectoryW
GetCommandLineW
GetStartupInfoA

user32

wsprintfW
RegisterClassW
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
CreateWindowExW

shell32

CommandLineToArgvW

msvcrt

_controlfp
__set_app_type
_wcsicmp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_except_handler3
wcsrchr
wcscat
wcscpy
wcsstr
_exit
_XcptFilter
exit
_acmdln
__getmainargs

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE