518ef9491a3a5dc81d79a07e66c7b78d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

518ef9491a3a5dc81d79a07e66c7b78d
Size

1022KB
MD5

518ef9491a3a5dc81d79a07e66c7b78d
SHA1

94c1c3b7feb7163dd025b2c131d26ffbda779ef0
SHA256

6cc9387c9e0fab3820101d9cd397a79477db4ed1f307e697118fd8c7812fcd70
SHA512

3752784399ce7d953ec9761ecc72033f62e6002cc7ee034aabe6606852198fd53b962ae15817412a1816e734a6f1ba6d67821665bf3aeaf9e892fd1ce3dfe08a
SSDEEP

24576:dds1yVhz2hwoxNlVWDQ5LGebDUkwyP1growjp1uKde:TTVhz26oxAYzP1KownO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/crac.exe

Files

518ef9491a3a5dc81d79a07e66c7b78d
.zip
MAX.nfo
crac.exe
.exe windows:5 windows x86 arch:x86

baf971b693b3da05731290e17c065d34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue

Sections

olmwizwt
Size: 257KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gandyayl
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

elrtfxsi
Size: 739KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hpwyyjvv
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE