Static task
static1
Behavioral task
behavioral1
Sample
10db90047af83ab4a3ef9a2f4c647eee.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
10db90047af83ab4a3ef9a2f4c647eee.exe
Resource
win10v2004-20231215-en
General
Target
10db90047af83ab4a3ef9a2f4c647eee
Size
8KB
MD5
10db90047af83ab4a3ef9a2f4c647eee
SHA1
e02951ca9236cda630466a1303241167ccee6ab4
SHA256
ee6dca945b47f1369f9f0e78cf1d569dc0c7acc34858d2872b2a9e3cabee8d47
SHA512
a7c01578eb35f7f9d604317ab19a1fe0a094cdc90f342760b1fbd9f10eaa3430729d28542d397ceddc218e6655f9cdbc2f204d763ac24d7c64f49c4f61da1d36
SSDEEP
192:w0FtSK9eNOWc2TW5UWcOLto5DDlGdpxz:R/ozq5ncsWDDlGd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 10db90047af83ab4a3ef9a2f4c647eee
Files
10db90047af83ab4a3ef9a2f4c647eee.exe windows:4 windows x86 arch:x86
db37ce52d8c54ff3187a6c84e322099e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteProcessMemory
VirtualAllocEx
VirtualFreeEx
Sleep
GetCurrentProcess
GetLastError
ReadFile
SetFilePointer
CreateFileA
CopyFileA
lstrcatA
lstrcpyA
CreateRemoteThread
GetEnvironmentVariableA
GetProcessHeap
GetSystemDirectoryA
GetVersion
WriteFile
GetLocalTime
WinExec
DeleteFileA
lstrcmpA
GetProcAddress
LoadLibraryA
OpenProcess
CloseHandle
MultiByteToWideChar
lstrlenA
GetModuleHandleA
GetModuleFileNameA
ExitProcess
advapi32
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegSetValueExA
RegCloseKey
LookupPrivilegeValueA
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameA
msvcrt
_except_handler3
sscanf
_stricmp
Sections
.text Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ