20ae76f6a5e747e54f015c26b2f850c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20ae76f6a5e747e54f015c26b2f850c9
Size

130KB
MD5

20ae76f6a5e747e54f015c26b2f850c9
SHA1

8dc621141292d438ecb30b64ab910f4d2d63dd79
SHA256

dc964d5367c12150f58e7e8c92538baf7f611b06ed4abdf4156ef5f5ac7680ff
SHA512

88ea60ba60cf73858ff1ad1709c74dcdc5a7f280bc347afd6353523c0a090e71bb00d430c91ea312ee2599a684b447184673a1c142736cfc798c16d1892af7bc
SSDEEP

3072:q3KKdDFu5We43tC71VVZx64Y7WNOY8QxpmIQ/ISOEfsMZuGh++ts/J:qak+43tC71xQ7Wv8QQ/IAfsjiS/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ae76f6a5e747e54f015c26b2f850c9

Files

20ae76f6a5e747e54f015c26b2f850c9
.exe windows:4 windows x86 arch:x86

559398b1246f3c18c513f21a971018a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersionExA
GetModuleFileNameA
WaitForSingleObject
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA

user32

CharLowerA

msvcrt

malloc
strstr
free
fclose
_filbuf
ftell
fseek
fopen

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE