1f8d5313a604938730e893fd04f1226d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f8d5313a604938730e893fd04f1226d
Size

32KB
MD5

1f8d5313a604938730e893fd04f1226d
SHA1

60412c82284b980878cf5363d0bd6792ca26bd99
SHA256

a27ac472a4bd5bd16dc51a3dc0c64ee0570b851a9aedbd20d52ef8aeed7811ba
SHA512

68937112be30e303d8bc91a1abebe1a58b96f7d51b8d3eda46571046746493d462706cb1cf49bf569a6f3e57bf8d204b9563f1982cb371268c8a4d3f49022085
SSDEEP

768:T0hIdQy1CEMlu1jp6tWUmZ9cAq30fNkQ00bXGX6y:NyNluFp6tWn9cL0LbXGX6y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f8d5313a604938730e893fd04f1226d

Files

1f8d5313a604938730e893fd04f1226d
.exe windows:4 windows x86 arch:x86

a6655b12db12feb92d9b076a53bcd056

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GetWindowsDirectoryA
CreateRemoteThread
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleA
LoadLibraryA
WriteFile
GetSystemDirectoryA
CreateEventA
Sleep
SetFileTime
ExitProcess
ResumeThread
WaitForSingleObject
GetCurrentThreadId
CreateProcessA
CopyFileA
OpenEventA
CreateDirectoryA
GetModuleFileNameA
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
CloseHandle
GetCommandLineA
DeleteFileA
GetStringTypeW

user32

GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetInputState

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RwDat
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE