33298ffb7a73e1fdcc7b66e074484601 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

33298ffb7a73e1fdcc7b66e074484601
Size

92KB
MD5

33298ffb7a73e1fdcc7b66e074484601
SHA1

ce4ed00a9885d6bb096f58b145b7ee7411e9043f
SHA256

cf21b47f028dc020d758dc74f25fb3a4630827b82532d1fe1409f3ee74a8d027
SHA512

71183e854f3ed5217282b95a78de87b2550e870aac9e8cc00ec82807632948c43e38c6e05f8e4504472a69f3cf65831f28dcdc367904a1ee25f05152be35b76b
SSDEEP

1536:MaM0pUl2iu6LH7LojFxVH4qq0cPf2l0L7QglenvwO7xR:MaM02l7dH7Lc3EtQe7QSqL7x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33298ffb7a73e1fdcc7b66e074484601

Files

33298ffb7a73e1fdcc7b66e074484601
.exe windows:4 windows x86 arch:x86

6877c397d4a06217bbe84328aa0546f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalLock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwSetHighWaitLowEventPair
NtAdjustGroupsToken
NtSetInformationObject
NtEnumerateValueKey
qsort
NtCreateDirectoryObject
wcslen
LdrEnumResources
ZwQueryInformationToken
NtSuspendThread
NtFlushVirtualMemory
NtInitializeRegistry
LdrVerifyImageMatchesChecksum
RtlAppendAsciizToString
RtlAddActionToRXact
ZwSetTimerResolution
RtlAddAtomToAtomTable
ZwSetThreadExecutionState
ZwOpenSemaphore
NtSetContextThread

Sections

.text
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

weIJUNLi
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ