20a0f8df3ae50841cfb91482722360fd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20a0f8df3ae50841cfb91482722360fd
Size

349KB
MD5

20a0f8df3ae50841cfb91482722360fd
SHA1

da45d495282d31b7728ead3f7115bc1d9017809b
SHA256

3fe9bc07b9402a22b508affd67f18add6de5568e2c909c64e9800241e4254b21
SHA512

8860b70abdeacc9bc61e79be011cf812971b92a07e61a29d91362ba55f4e4ec9e275564ec5382593dc6a8b97ed5255b52610bf2651d078036e533316cf838468
SSDEEP

6144:NLu9lJLViuEZsrMpe5nKtIw+T462HAnwkd+wJyOyEqrGndWBpDGkibu0y0zznMiZ:0JNMcBvN2gnD+2q6nypDdGuUMiCYr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20a0f8df3ae50841cfb91482722360fd

Files

20a0f8df3ae50841cfb91482722360fd
.exe windows:4 windows x86 arch:x86

559398b1246f3c18c513f21a971018a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersionExA
GetModuleFileNameA
WaitForSingleObject
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA

user32

CharLowerA

msvcrt

malloc
strstr
free
fclose
_filbuf
ftell
fseek
fopen

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE