Static task: static1
Behavioral task: behavioral1
Sample: 13b8aa8ed101151e2727077deb15737a.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 13b8aa8ed101151e2727077deb15737a.exe
Resource: win10v2004-20231215-en
General
Target: 13b8aa8ed101151e2727077deb15737a
Size: 7KB
MD5: 13b8aa8ed101151e2727077deb15737a
SHA1: aa102ad99f36aa68d796bd61bc07a925802079fb
SHA256: cfe488bbfa14cafc6f1eefc2a86b6dc16b55bb4bee20cc3f9fe4019faa3a00cd
SHA512: b6e9b8d156306a25528e9f49be3f47c01a70dc08677cf2eb8a0d771b2c9828e9e6ad13741016e77f41905d557792f1c2d41d3e3bdbca7a4f3fe4b3f23924812b
SSDEEP: 192:igy6xI1ZNBT1UfvCtKsQJd/kvnCKi1r6:hy6wXB1UfvC8sQYvnCK26
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
Resource: 13b8aa8ed101151e2727077deb15737a
Files
13b8aa8ed101151e2727077deb15737a.exe windows:4 windows x86 arch:x86
140dbda6bfb2f9a618902089f622503f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crtdll
memset
strncpy
strlen
memcpy
kernel32
GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
GetShortPathNameA
CreateProcessA
CloseHandle
CreateFileA
DeviceIoControl
WriteFile
GetCurrentProcess
GetLastError
HeapAlloc
HeapFree
DeleteFileA
HeapReAlloc
user32
ExitWindowsEx
advapi32
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
Sections
.code Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 11B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE