10b4875ebf0c1c8265e89299c7c293a9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

10b4875ebf0c1c8265e89299c7c293a9
Size

23KB
MD5

10b4875ebf0c1c8265e89299c7c293a9
SHA1

e5dfd9d5abfe838b0ec0cf601cf6336371c5f99f
SHA256

7b7b0d6744c90f54eea729309f0b671541885bf3fa5eec9ab5e27b15321e1a7b
SHA512

7994cedc3e6c2cb45394fd6a54fc592227d71dca580eea4e86d8b4e5fcc6106e81d7188e5143693281608233b2084fccf0a4d6f474f978b50e3c727c7914d3ab
SSDEEP

384:obPGumdBz0aKNttGA+sZ4E1eW/8AoWz8AoW4BYkkjuv1hkNLdbaLa4CwUJuUCSFt:wPGumdyRFL8E1EAmAuBxkjuv7wbaLa4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10b4875ebf0c1c8265e89299c7c293a9

Files

10b4875ebf0c1c8265e89299c7c293a9
.exe windows:4 windows x86 arch:x86

479cac110a224fd8bd9eae0a44ec61b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
OpenThread
Thread32First
GetCurrentProcess
DuplicateHandle
CreateFileA
GetProcAddress
LoadLibraryA
GetTempFileNameA
Sleep
CopyFileA
SuspendThread
GetSystemDirectoryA
GetPrivateProfileStringA
ExitProcess
WritePrivateProfileStringA
MoveFileExA
SetFileAttributesA
QueryPerformanceCounter
GetModuleFileNameA
GetWindowsDirectoryA
QueryPerformanceFrequency
CreateThread
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
TerminateProcess
CloseHandle
GetTempPathA
lstrlenA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken

msvcrt

strcmp
memset
strcat
strcpy
strrchr
atoi
_except_handler3
_stricmp
_itoa

shlwapi

PathAppendA

Sections

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ