00f3927376088163ddd615d4f31742fc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00f3927376088163ddd615d4f31742fc
Size

7KB
MD5

00f3927376088163ddd615d4f31742fc
SHA1

d2d11babc8311a3a54383a291182ed5ba8e4ea19
SHA256

9677c14d22302fab94d69619e6b3668d83c9ab376fe5dfe220ccf073feee4568
SHA512

3ff1af01f8c8e607481e52f573aa434bf380ff26b81b9a643a4be4dd40d46d645601ffbb948bf198784bbaa15cffb51690014f4d25158766d9d9ea55f06592cd
SSDEEP

96:W1vOL9SZymB+uv7sMfGSS3Qeza0GYvlrov9uQtzrJpYZ3BiWM7bNocC:zsxxGSS3QZxErDQPpIR/0bNocC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00f3927376088163ddd615d4f31742fc

Files

00f3927376088163ddd615d4f31742fc
.exe windows:4 windows x86 arch:x86

deb561b9a5a65ab9cee1d0c16bac43c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcat
_except_handler3
sprintf
strlen
memcpy
memset

kernel32

GetCurrentProcess
WinExec
WaitForSingleObject
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetThreadContext
CreateProcessA
GetProcAddress
ExitProcess
LoadLibraryA
lstrcatA
GetTempPathA
GetStartupInfoA
CloseHandle
WriteFile
CreateFileA
GetModuleFileNameA
DeleteFileA
GetSystemDirectoryA
GetModuleHandleA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE