Static task
static1
Behavioral task
behavioral1
Sample
09b9252cf296715805877dbedfdbda4b.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
09b9252cf296715805877dbedfdbda4b.exe
Resource
win10v2004-20231215-en
General
Target
09b9252cf296715805877dbedfdbda4b
Size
1.9MB
MD5
09b9252cf296715805877dbedfdbda4b
SHA1
b072197d0c5ff4731bc0c93396722e3429ccaf22
SHA256
50ec4f55c558b40af4d8d1bcc7468417a432e263c287efcbaa76e7eb105ce563
SHA512
6363cb8ce2abd8ada1626f809dbff3129ae28e55b9e09df92e1e1773c3277c324cea16e996f3279e27ffd10870dde1a22830713b692778ab497b6f67530a66b9
SSDEEP
24576:npyF5r5EMcv8x2TyyeA9RboJsTUHepE3/LEwlZHiwY:p2F7hPJeQHQOF+wY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 09b9252cf296715805877dbedfdbda4b
Files
09b9252cf296715805877dbedfdbda4b.exe windows:4 windows x86 arch:x86
f3a0d0c83d628d9014658857c4136f87
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetConsoleActiveScreenBuffer
GetSystemWindowsDirectoryA
GetSystemRegistryQuota
VerSetConditionMask
GetConsoleAliasExesLengthA
ClearCommError
GetNumberOfConsoleFonts
ReadFile
GetNumberOfConsoleInputEvents
FindVolumeMountPointClose
LocalAlloc
GetDefaultCommConfigA
VirtualAllocEx
CloseHandle
FreeResource
GetProcessId
SetHandleCount
FindVolumeClose
IsProcessorFeaturePresent
FindNextFileA
GetFullPathNameA
GetWindowsDirectoryA
LZCopy
FindFirstVolumeA
dpnet
DirectPlay8Create
advapi32
CredFree
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 413KB - Virtual size: 412KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 455KB - Virtual size: 793KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 396KB - Virtual size: 395KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ