1cb4a021beb060447843da38eef2de86 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1cb4a021beb060447843da38eef2de86
Size

13KB
MD5

1cb4a021beb060447843da38eef2de86
SHA1

3f5f65c46ea2ae532deb5f609892c1d19aff8826
SHA256

e5a95866b91634156f175a79e2103408bdc74f16227a1145d3536fb34cebd53c
SHA512

ab21443a0c5848955a0bc722a609cd5c2a9c5c3fd05169551cadc771ea4ed136adc99d461ac6382fedf0b71b58b48371b6e432a60bdb9e9511f10985d875178c
SSDEEP

192:xE8slJF+ystOWu1cZ3cMDN89s3gwBJpLy8lbGvtcF45p:xEv+Tzu1cGMDms3gwBbpaCiT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1cb4a021beb060447843da38eef2de86

Files

1cb4a021beb060447843da38eef2de86
.exe windows:4 windows x86 arch:x86

2aec751b0a7fb9e246233e392651fffa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

kernel32

CreateProcessA
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
GetCommandLineA
GetFileSize
GetTempPathA
LoadResource
MapViewOfFile
ReadFile
ReadProcessMemory
ResumeThread
RtlMoveMemory
SetEnvironmentVariableA
SizeofResource
Sleep
CreateFileMappingA
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtectEx
WinExec
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
FindClose
FindFirstFileA
FlushFileBuffers
WriteFile
GetModuleFileNameA
GetModuleHandleA
SetCurrentDirectoryA
CreateFileA
CloseHandle
TerminateProcess

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ