Static task: static1
Behavioral task: behavioral1
Sample: 6cdd780c731bf78e66d117239dfebad1.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 6cdd780c731bf78e66d117239dfebad1.exe
Resource: win10v2004-20231215-en
General
Target: 6cdd780c731bf78e66d117239dfebad1
Size: 5KB
MD5: 6cdd780c731bf78e66d117239dfebad1
SHA1: 91180d736ed861a63f7671e826b0f544a84d093d
SHA256: 42ddd37afc66b22ff2d63ba8fc70a9c74322a452c61523b72c88072e4e6ba5dc
SHA512: d7f3b11daeec2892daa6101084dbf62ad4da64f1f21b6b46d76a2d05755c40b42b64336d4fa5adb6e88ad1e5abb7723b55e6e798ad8b885ee3ba470d0c55ffef
SSDEEP: 96:Z/92EpW/AB+32xd5c+306Nk49bZS7/kIqL+5StzlHFZ+8Di:zV5H30T24tqvdk8W
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6cdd780c731bf78e66d117239dfebad1
Files
6cdd780c731bf78e66d117239dfebad1.exe windows:4 windows x86 arch:x86
e4ea89f590412389786e3fe40192a55c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetCurrentThreadId
CopyFileA
GetWindowsDirectoryA
DeleteFileA
WinExec
GetTickCount
GetTempPathA
lstrcatA
LoadLibraryA
ExpandEnvironmentStringsA
Sleep
GetSystemDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
ExitProcess
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
OpenProcess
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
CreateProcessA
GetProcAddress
ResumeThread
user32
wsprintfA
GetInputState
PostThreadMessageA
GetMessageA
advapi32
RegSetValueExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
msvcrt
fopen
_stricmp
strcmp
_except_handler3
strlen
??3@YAXPAX@Z
??2@YAPAXI@Z
strcat
fclose
fscanf
_strupr
strchr
wininet
InternetGetConnectedState
shlwapi
PathRemoveFileSpecA
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ