2de16a8369ac52f94aa50e22f7732f23 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2de16a8369ac52f94aa50e22f7732f23
Size

92KB
MD5

2de16a8369ac52f94aa50e22f7732f23
SHA1

74f0e93d909a53497d7312bb114133852688293c
SHA256

77ed1659bd1cf68757e40462bf8d2c5c6b290586e86da230b209566fe786200a
SHA512

98da72d81a6e7ee90d34bdac80d0a77fe90415d84ed364b1f3c2b8bf37062c906fcfbc3808649135aadd6277853f6a1599f1643bd7547d8a2edd99f32df1f9d1
SSDEEP

1536:8aA3sGmLP2ljhx+2aSnqjVXIOFyDu09ACdPi984+K1z6/3sOS:8ab+5j+KIFyDuIAaTVEz6/3sOS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2de16a8369ac52f94aa50e22f7732f23

Files

2de16a8369ac52f94aa50e22f7732f23
.exe windows:4 windows x86 arch:x86

2a84cc4e54edf7b8ecf0f583b105f9b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtQueryInstallUILanguage
NtCreateProcess
tolower
ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
NtSecureConnectPort
NtDuplicateObject
ZwFlushWriteBuffer
ZwSetHighEventPair
_allmul
RtlTimeToSecondsSince1980
LdrUnloadAlternateResourceModule
ZwSignalAndWaitForSingleObject
NtSecureConnectPort

Sections

.gdata
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ