30f476251c18213ad4afe29a74863f99 | Triage

Sharing

General

Target

30f476251c18213ad4afe29a74863f99
Size

327KB
MD5

30f476251c18213ad4afe29a74863f99
SHA1

3bb819a875d3d034cfe9292306318df3fc923ba6
SHA256

23d905836e1cad7a7c910a5de5c6aaf7e4a78dd7a659a2893e0595986148270b
SHA512

d104b838bf543a8ef301aa6e04f34132fea8bad087d0b498845c16571e41c16e53fbd43fd605fc9c9c96e5c4a037b792a8b916eafdf8a55cf5ec81301c905386
SSDEEP

6144:WQxKYsxwuJxjztimOT1K5egt6nAfjdyATZ812nRXsDVOX9igz:LKPzBc4tdrdyYNnyVOX9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f476251c18213ad4afe29a74863f99

Files

30f476251c18213ad4afe29a74863f99
.exe windows:4 windows x86 arch:x86

840d39b7b978198de527705e3c41aea4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceTypesA
GetLastError
FindClose
LocalFree
VirtualProtect
GetDiskFreeSpaceExA
IsBadReadPtr
IsBadStringPtrA
GetModuleHandleA
CloseHandle
SetLastError
GetCommandLineA
ResetEvent
GetDriveTypeW
CancelIo
DeleteCriticalSection
GetDateFormatA
TlsGetValue
FreeConsole
LoadLibraryExW

advapi32

CloseEventLog
AccessCheck
CloseTrace
OpenEventLogA
GetFileSecurityA
RegLoadKeyA
RegCreateKeyExA
LsaFreeMemory
LsaSetSecret
FreeSid
IsValidSid
RegCloseKey
LsaClose
RegCloseKey

osuninst

RemoveUninstallImage
ProvideUiAlerts
IsUninstallImageValid
GetUninstallImageSize
ExecuteUninstall

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ