12d8ff39e1bbd9ea4823cc707c1320ac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12d8ff39e1bbd9ea4823cc707c1320ac
Size

8KB
MD5

12d8ff39e1bbd9ea4823cc707c1320ac
SHA1

56c7ab4c7d8184590b9daf3e1f91c8ac7f625af8
SHA256

a26d637a91922267d643d8c78a626ac4776ce56d8520181bb54a76ab1d3a9da7
SHA512

a7f8c0477de6823d11a8e45ae745813afe4989e08eda4e37bb4ea07f100a93243230160c2f65508f85e8246b01eddd14a8d8f94d19c0381fdbd4bf1b56a99764
SSDEEP

192:+Bz8751dXLi0K3rQXSV4UO/tmZBdZDkjWWnDSl/hFUyiet:m47XV1K7l2U6mloLdde

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12d8ff39e1bbd9ea4823cc707c1320ac

Files

12d8ff39e1bbd9ea4823cc707c1320ac
.exe windows:4 windows x86 arch:x86

7bf588dbbd648ebdc66d195320fb14a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetProcAddress
LoadLibraryA
CloseHandle
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
OpenProcess
Sleep
WinExec
GetWindowsDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlUnwind
HeapReAlloc
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc

user32

FindWindowA
GetWindowThreadProcessId

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 832B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 928B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE