6d07b49457c38bbc907588acd04e79cb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6d07b49457c38bbc907588acd04e79cb
Size

309KB
MD5

6d07b49457c38bbc907588acd04e79cb
SHA1

67985b800300172e5407c4037dbca5baaa375efb
SHA256

b9709b59723c70984a708c25e8519c95e279300ddcb7df41b9a4c61ccc4fd6ee
SHA512

45c93483c525f83731b6a6cb7a2e2bac225e61d8b8582d8327513ca05636b9047ee6bab777bf17ab9eb717ba088540f1460a2e668fc2138267a8568d558b29e5
SSDEEP

6144:1HOPgExBP0IsWUGULqMVcoaMqaagAsETTRVzi6jnfJERIa:kPJs6dWcbM2TTRBfJERV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6d07b49457c38bbc907588acd04e79cb

Files

6d07b49457c38bbc907588acd04e79cb
.exe windows:5 windows x86 arch:x86

a725bba6e993990814623754bb0d61ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

log
__argc
_flushall
realloc
is_wctype
feof

ole32

ReadClassStm
OleGetAutoConvert
CoRevertToSelf
CoGetInstanceFromFile

kernel32

GetLocalTime
GetEnvironmentVariableA
GlobalDeleteAtom
GlobalFindAtomA
SuspendThread
LocalUnlock
GetNamedPipeInfo
PostQueuedCompletionStatus
WriteTapemark

advapi32

ReadEventLogA
GetSidLengthRequired
GetSidSubAuthorityCount
ConvertAccessToSecurityDescriptorW
QueryServiceLockStatusW

gdi32

SetFontEnumeration
GetObjectType

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ