1f9949b49db90feb4f8fac5a77e84d1c | Triage

Sharing

General

Target

1f9949b49db90feb4f8fac5a77e84d1c
Size

42KB
MD5

1f9949b49db90feb4f8fac5a77e84d1c
SHA1

283eacdf1214775f6792ed93110e1b93166f3de0
SHA256

407cc3431d892fe2537175b4b6a31e2bf14ae483161de5f8988244d62f63aadd
SHA512

d4b2c508017cc4450fa233e958f9fcdeb7413cd5a1be5b691f5db5da9d9e3ab1e4360cead3bbca2b50a631f7704c97c71fa6e77773fea2f160a1e4b3e76594cd
SSDEEP

768:Gp1G8xu4rko3uIzfC20zi/KTfQC+rsW/VTu2qIbNwGw4:GjG80mP3uMfFx/kIC+VtynIbz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f9949b49db90feb4f8fac5a77e84d1c

Files

1f9949b49db90feb4f8fac5a77e84d1c
.exe windows:4 windows x86 arch:x86

abad1c3a72019df41211ed431ab8bcee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
LoadLibraryA
NlsGetCacheUpdateCount
GetCurrentProcess
EndUpdateResourceW
GetBinaryTypeW
VirtualProtectEx
GetPrivateProfileSectionA
VerLanguageNameW
FreeResource
LCMapStringA
SetHandleInformation
UnlockFile
GlobalMemoryStatus
SetCommState
InitAtomTable
SetMailslotInfo
GetConsoleAliasW
GetProcAddress
GetPrivateProfileStringA
RegisterConsoleVDM
GetFileSize
LockFileEx
GetDiskFreeSpaceW
FindVolumeClose
GlobalFree
HeapCompact
ResetEvent
WaitNamedPipeA
OutputDebugStringW
SetProcessWorkingSetSize
CreateJobObjectA
WriteFile
Module32Next
CreateFileMappingA
GetFileType
FindNextVolumeA
GetThreadContext
ExpandEnvironmentStringsA
ProcessIdToSessionId
OpenEventA
GetConsoleOutputCP

user32

SetCapture

Sections

.text
Size: 4KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE