7d8c1da1e35e81768a19f9734a3d7876 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7d8c1da1e35e81768a19f9734a3d7876
Size

100KB
MD5

7d8c1da1e35e81768a19f9734a3d7876
SHA1

4e30cd25892a0a6464a92ede92e1ad8ddae67f1a
SHA256

774d29a7374cf0cc5a706144171347b7e6c5dc729272e4b4acb770632fd9e15d
SHA512

f7bb57633463460a6d541a35b7e6c0812d67bf23020eb3dbc02e75615e4b91cab3544bc0cfb9a0b5a2cc9bb141df48fdb3e64f2794d9f527b95bc14be0910e05
SSDEEP

1536:dW6vo3JNkpEGH/Qq3X0r+eajKRcKCpoqDRRI+bklmILxylgX:dWBZG/r3X0Ha+RhCpXDoOkldxyl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7d8c1da1e35e81768a19f9734a3d7876

Files

7d8c1da1e35e81768a19f9734a3d7876
.exe windows:4 windows x86 arch:x86

e1e6d9280f927978b7fddf05b9a552bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwQueryInformationJobObject
NtCallbackReturn
NtSetDefaultLocale
RtlDefaultNpAcl
ZwSetUuidSeed
NtQueryOpenSubKeys
ZwAlertResumeThread
RtlInitAnsiString
NtOpenSemaphore
_allshl
RtlFindMostSignificantBit
RtlUnwind
RtlpNtCreateKey
NtAssignProcessToJobObject
NtSetHighEventPair
ZwExtendSection

Exports

Exports

Xnfpgycnat

Sections

.ldata
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ