630d5b6696f1c96637c20af8254a868b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

630d5b6696f1c96637c20af8254a868b
Size

480KB
MD5

630d5b6696f1c96637c20af8254a868b
SHA1

1ee6f0aad95d26ab4f0ac76ac8408f6ab2d7d705
SHA256

ef4b7ebc68721e8917e83a5bd59ab8378512aef0a611cd7bf7b7e7a256e2d3f1
SHA512

81312f7330a0ce80bafe5bf875819646f007aefb084d3287f1649e419b0f0553019f9d8daf942e7d58cd9d7950711bff1fba50590430a7deed8c1f3b0d3d7cf7
SSDEEP

12288:BSHSTW/XPLtC/a8sjURLBJWh5BaPBskXlV2fLGvRmhjOZNeB8:BnsXPLkC8saB2aGiDuDJOLe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
630d5b6696f1c96637c20af8254a868b

Files

630d5b6696f1c96637c20af8254a868b
.exe windows:4 windows x86 arch:x86

43470a405db44da8f85828f0a4d2204a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlRemoteCall
NtRegisterThreadTerminatePort

user32

GetInputState
OemToCharBuffA

kernel32

GetCurrentProcessId

Sections

.text
Size: 475KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE