f876ff4a6549bc2b49a0271bb6c773b6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f876ff4a6549bc2b49a0271bb6c773b6
Size

229KB
MD5

f876ff4a6549bc2b49a0271bb6c773b6
SHA1

c6e143302f257ab3d494274755964b9c35f2821c
SHA256

273cb4bfaec936c0cafc00562c2f29046c153f9221415899f605f5c7cc5cef03
SHA512

757dd0fec742a4aabb00a936b0ee49483423a2224929b448088868333e92a085046178cb96c881088b3cabe0adb7bb89d79cdd6baba99ad539bc81cfe62efca1
SSDEEP

6144:+qr5JEbnFZsDLDZ/SByF1zKtplU36MCZ:/5JEbnFZsDLDkByF1zKtplU36MCZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f876ff4a6549bc2b49a0271bb6c773b6

Files

f876ff4a6549bc2b49a0271bb6c773b6
.exe windows:6 windows x86 arch:x86

6877cc41e391be847f73e44df3ba2562

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
TerminateThread
CloseHandle
GetCurrentThread
ReleaseSemaphore
GetCurrentProcess
lstrlenA
ExitProcess
CreateThread
LoadLibraryA
lstrcmpiA
WriteFile
ReadFile
GetFileSize
SetFilePointer
CreateFileA
GetSystemTime
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetProcAddress
CreateSemaphoreA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ