63bd89b1115d73a2cf1321e433431171 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63bd89b1115d73a2cf1321e433431171
Size

41KB
MD5

63bd89b1115d73a2cf1321e433431171
SHA1

08f7170642a9ba0a4142d337bff1fa0f58d8b9a8
SHA256

cabcc50d80a126cc9bf53c09d82d11035ef76b1d8a0273892fe95c29e3271bd2
SHA512

a2024ab78372061ac8877f5b52726252482a476f1c5710fb6f1a6e3939a3a63f9956fd48e287d075d11fee1b10b7027317aff80e9590d32085731a1886813350
SSDEEP

768:oFSn1ZKJw0ND3bxOf2eWSmfmpzauxiz9bYmqDSW5QHaeCsDolg4d4L:oMKvJO+eWSmfmpzauxilyQHaPrd4L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63bd89b1115d73a2cf1321e433431171

Files

63bd89b1115d73a2cf1321e433431171
.exe windows:4 windows x86 arch:x86

67951e7ad01ef582afbbbe0cbe588d90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLongPathNameA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
CloseHandle
CreateProcessA
ReadFile
lstrcpyA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
GetCurrentProcess
SetFilePointer
CreateFileA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
Process32Next
Process32First
CreateToolhelp32Snapshot
CompareStringA
lstrlenA
lstrcatA
GetSystemDirectoryA
WriteFile
GetFileAttributesA

user32

wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ