119afffa43c2083fe9fc1110e8675bc6 | Triage

Sharing

General

Target

119afffa43c2083fe9fc1110e8675bc6
Size

32KB
MD5

119afffa43c2083fe9fc1110e8675bc6
SHA1

7bd528442444938c3f9d8cc65208750e72a615c9
SHA256

79e8ff201a4d5535cc7e8f8e53b9cf8443f5c1e3de627082037b4048eaaa3191
SHA512

f4c297c52ac6686de16337c7f8199009aabd59b531df7911dbbeff8fc68894ce03666cf3aee2a3d0fcb1a8e847aaa2fddf932ca88c6719ae38df38108d30c5f2
SSDEEP

768:clTvOwcqy3VszCKSwnS1IIoZkATky1dxkVX0:clixqqVsuKSwAFyHq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
119afffa43c2083fe9fc1110e8675bc6

Files

119afffa43c2083fe9fc1110e8675bc6
.exe windows:4 windows x86 arch:x86

8b5254c2da64d8a069d26b91eb1208e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateProcessA
CreateToolhelp32Snapshot
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
LoadLibraryA
LoadResource
LockResource
OpenProcess
Process32First
Process32Next
RtlZeroMemory
SizeofResource
Sleep
WaitForSingleObject
WinExec
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpA
lstrlenA
VirtualFree
VirtualAlloc
SetLastError
CreateRemoteThread
GetCurrentProcessId
ReadProcessMemory
ResumeThread

user32

wsprintfA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ