Static task: static1

Behavioral task: behavioral1
Sample: f6cb933bd79536d305e738a5aa8f782b.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: f6cb933bd79536d305e738a5aa8f782b.exe
Resource: win10v2004-20231215-en
General
Target: f6cb933bd79536d305e738a5aa8f782b
Size: 709KB
MD5: f6cb933bd79536d305e738a5aa8f782b
SHA1: 330ae0547788c2d572c9ec4684369055aa8e8ef0
SHA256: c61d50a499a845708c725ef12cf9fa1c5f75becd95fa3ad432b68e20037f8f57
SHA512: a48b1a17d02872bcc2bc51228d1fd883012e2e42271d1086ea58dd6b45e2a3ef036c6625a538fbcaa8d6114c952256d7f0db2baeede538630871c3c9fc4fcb5e
SSDEEP: 12288:dQkrvRgPfS44TVcjfZQ44kOPmnow6xXGtKkUx1LI9Ri4EqV6jnv11FG:akVg3SfT4C2t6NGUfLQo91o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f6cb933bd79536d305e738a5aa8f782b
Files
f6cb933bd79536d305e738a5aa8f782b.exe windows:5 windows x86 arch:x86
3f506c1d3033381851606dad3d3879e0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlInitializeRXact
ZwOpenDirectoryObject
NtLoadKey
ZwQueryDirectoryFile
RtlNewInstanceSecurityObject
KiRaiseUserExceptionDispatcher
kernel32
GetSystemTimeAsFileTime
ExitProcess
Sleep
GetLastError
FormatMessageA
GetCurrentThreadId
lstrcpynA
GetModuleHandleA
GetTickCount
GetCommandLineA
GlobalCompact
msvcrt
wcsrchr
fopen
_vsnprintf
bsearch
_wfullpath
__p__fmode
memset
_strlwr
__setusermatherr
sprintf
strchr
_wsplitpath
time
_except_handler3
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE