24f22eee508a81db0858d50c7bb7882f | Triage

Sharing

General

Target

24f22eee508a81db0858d50c7bb7882f
Size

12KB
MD5

24f22eee508a81db0858d50c7bb7882f
SHA1

5f629d97aa4a5a90940807096b166c38f135810c
SHA256

79ebad7121d76200b95ccb851502aed2d8eeb643fbb903e1ccec34e476e34230
SHA512

18a7ba7ff4d132032102dce554678c066ef649adb2b2ad57632e2a2a4079f807ba8b41e7e5770b6f76ab8efe0cae1a41933b6a9513d783f24e1909fe789ed6b9
SSDEEP

192:WRDKT92mHJwh+DGYbs99wOrgUIX85n8jinzsDt95mpQv3wdC3s6TRS96p:h9HHJwe3UmOrtIXrCzsBmpQvAis6TY6p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24f22eee508a81db0858d50c7bb7882f

Files

24f22eee508a81db0858d50c7bb7882f
.exe windows:4 windows x86 arch:x86

40acdec4faa51758fdb3f24bbc5415b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
MoveFileExA
FreeLibrary
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
WriteFile
Sleep
CreateProcessA
ReadFile
MultiByteToWideChar
GetProcAddress
GetTempFileNameA
LoadLibraryA
GetModuleFileNameA
CloseHandle
GetTempPathA
GetSystemTime
DeleteFileA
GetVolumeInformationW
GetLastError
InterlockedExchange
RaiseException
LocalAlloc

msvcrt

wcsncmp
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strchr
wcschr
malloc
free
strstr
_itoa
memset
memcpy

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE