354c2a7224c03770161508012daa7953 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

354c2a7224c03770161508012daa7953
Size

144KB
MD5

354c2a7224c03770161508012daa7953
SHA1

8cc4aa21fe60268b2d9dc738a1d661caf5458745
SHA256

e580c2dfeb0570ca6a0a032592b9434ab2d0a1117d8d5981d5d0db2cebe10b09
SHA512

72a7df38fc8d9eb2db6a61036bbc089c5cbc9226d21ef5e099db21f6b8f6c10e4417a9ba084320740ac859a11fae57ebabe86b85a843833d0e0a6953650cf055
SSDEEP

3072:obgkU9qvgi9oGPFH20HoOXE9KAQSKZsu/p3KJvFigcVEX98YXYzKi:oSqYiT9H2wDEErSOyJvKVEXmi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
354c2a7224c03770161508012daa7953

Files

354c2a7224c03770161508012daa7953
.exe windows:5 windows x86 arch:x86

578da91221f10364135da5221d3cbb9c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory
NtQueryDirectoryFile
RtlAddAccessAllowedObjectAce

rtutils

TraceDumpExA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE