54663668aa351baf6005935a66cc8f32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54663668aa351baf6005935a66cc8f32
Size

11KB
MD5

54663668aa351baf6005935a66cc8f32
SHA1

4118cf6f7ac167fd6e78445644ab760eb23903b2
SHA256

454144ee61cde7e49276062c971e099127370340239c42d16ffb84b5b3e51f56
SHA512

dbc232bdca977eb6290b889a149a64849f8fc6e4162d0b28160813c5b060ce339adacf19b59a661838189762eb5d82ecce2a2144c81cd0369a8b342522cc4c30
SSDEEP

192:61VE8QWGKtb3yAjRYNpJ2mfZMNeTL3TNeG:IVMlKtb3yAFYNpwqMNeLNeG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54663668aa351baf6005935a66cc8f32

Files

54663668aa351baf6005935a66cc8f32
.exe windows:4 windows x86 arch:x86

62f88a97b8cb8a7c203f590514d14fef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
CloseHandle
GetModuleHandleA
CreateThread
GetTickCount
SetEvent
FindVolumeClose
FindClose
VirtualProtect
ReleaseMutex
SearchPathA
ExitProcess
FindAtomA
GetDiskFreeSpaceA
lstrlenA
Sleep
DeleteCriticalSection
GetLastError
FindResourceExA
GetCalendarInfoA

advapi32

CloseEventLog
IsValidSid
LsaClose
CloseTrace
RegCreateKeyExA
LsaFreeMemory
RegLoadKeyA
OpenEventLogA
LsaSetSecret
RegCloseKey
RegEnumKeyExA
AccessCheck
FreeSid
GetFileSecurityA
RegCloseKey

msdtcuiu

DllGetClassObject
DtcPerfOpen
DtcPerfCollect
DllRegisterServer
DtcPerfClose

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ