5e6d8eb4e21391d26e23463c85849816 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e6d8eb4e21391d26e23463c85849816
Size

16KB
MD5

5e6d8eb4e21391d26e23463c85849816
SHA1

b72f6455cef9e4a4c4f3a6aeb2f5f2b6339daff6
SHA256

e775c17bb048e1224174cd15105ae5b7b4543b0ee0765b870a6eda7d388989d8
SHA512

ccf275754c34f7073248f42b5338e692003d909f01fa4f2a78324f9f2b173e2a7e791b1795c3d147ad278f5d2c8d381bf290b8f52fb09c4eeaf0099d580ccb82
SSDEEP

192:6rgYsGWnzWSySVPGIOqfs1EAUWfLMNeTL3TNeT4+vDiZ+y:RYsGGjNGrMs3fLMNeLNek+vDiEy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e6d8eb4e21391d26e23463c85849816

Files

5e6d8eb4e21391d26e23463c85849816
.exe windows:4 windows x86 arch:x86

30ee991c6e7e4c804305706b94b1d5c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
CreateSemaphoreA
GetComputerNameA
OpenMutexA
Sleep
GetVersionExW
GetLastError
CloseHandle
CreateMutexA
GetModuleHandleA
GetCommandLineA
TlsGetValue
SetEvent
ReleaseMutex
DeleteCriticalSection
VirtualProtect
FreeConsole
SetLastError
FindClose
SearchPathA

advapi32

RegCloseKey
OpenEventLogA
RegLoadKeyA
LsaSetSecret
CloseEventLog
LsaFreeMemory
IsValidSid
RegEnumKeyExA
GetFileSecurityA
CloseTrace
LsaClose
FreeSid
RegCreateKeyExA
IsTextUnicode
RegCloseKey

loghours

DialinHoursDialogEx
LogonScheduleDialog
DialinHoursDialog
DirSyncScheduleDialogEx
DirSyncScheduleDialog

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ