6a387aef3cb1532df63456af880bcaa9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a387aef3cb1532df63456af880bcaa9
Size

91KB
MD5

6a387aef3cb1532df63456af880bcaa9
SHA1

1c7475b998f79fa113c2724134d757d2e9438546
SHA256

15a94cc72c16f3cc1dc9cfccd605cddd5bfa797f93e5f8f769d23321d46fd4ef
SHA512

1a24657d814ab3ebf0193810b80d1a63d785a3ea22162cbb02147bbe06131d6cc87ef7de4570e0a560301b46fd4d39f5a3b442505c1d4851b8c9a4157cd5bde0
SSDEEP

1536:OFjUwvbBw817UsC1gYcLInL9avZwnGfXa1YFB9XLivMjw4hC653:OFjLbrSsKOCL9avEGy1sbSUwYz53

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a387aef3cb1532df63456af880bcaa9

Files

6a387aef3cb1532df63456af880bcaa9
.exe windows:4 windows x86 arch:x86

5eb30b58d665adb46561bd8eb6dec80a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateNamedPipeA
ScrollConsoleScreenBufferA
InterlockedPopEntrySList
GetVolumeInformationW
lstrcpynA
SetEnvironmentVariableA
TlsFree
SetConsoleCursorMode
LZStart
WaitForMultipleObjects
GlobalAlloc

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 77KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE