20b7f65f0fe4eed3a2cb960b68fa4347 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20b7f65f0fe4eed3a2cb960b68fa4347
Size

3KB
MD5

20b7f65f0fe4eed3a2cb960b68fa4347
SHA1

bae67b284f856c1a67a6fd56981d18c7d6bb24d4
SHA256

f356f4f435cd791441abc12b6f447f2e31b6e7b6d951930af437e33c95edbd54
SHA512

b3f677ec13e85685fef47e93a8a95dd7cb6cad917a823b3cb3c0d5b502aa86cc807858d3cb60f323b3190ebbdc74747a3dcb45675b13016b4f95de9a3b50988b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20b7f65f0fe4eed3a2cb960b68fa4347

Files

20b7f65f0fe4eed3a2cb960b68fa4347
.exe windows:4 windows x86 arch:x86

6f5f54c7326540c7a7c3d7b8a4f20150

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
HeapAlloc
GetProcessHeap
GetLastError
OpenProcess
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
CreateEventA
DuplicateHandle
GetCurrentProcess
HeapFree
lstrcmpiA

advapi32

GetTokenInformation
LookupAccountSidA
OpenProcessToken

ntdll

NtQueryObject
RtlEqualUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation

Sections

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE