12e78fc99a52e2df997ed14e998a468c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12e78fc99a52e2df997ed14e998a468c
Size

88KB
MD5

12e78fc99a52e2df997ed14e998a468c
SHA1

84062b09355e14be9aa62bb4494907e232a6551d
SHA256

c9cca38918b505501cb63a7d6fced8d8c76012ec98707c74aa96e20dd7c1519a
SHA512

cf7b5c610659fa47628e57797b17ebb25d8e7f22abde9e96bf07548bf8e9d11c37bc305c1ce8bca38c818aa671dba699f7fb5eac90cfb3fd9f95a6d435b5c71e
SSDEEP

1536:FyYFmJUHLNjr2RnnnUTZNnL0lDcrmxjqM7d12iV:FySmJcxKRnUTLn4SrmxjH76i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12e78fc99a52e2df997ed14e998a468c

Files

12e78fc99a52e2df997ed14e998a468c
.exe windows:4 windows x86 arch:x86

37cf5298cc8a4a729e657dc3c1d23d88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
GetModuleHandleA
EnumResourceTypesW
SetLocalTime
GetDateFormatA
GetDriveTypeW
CloseHandle
IsBadStringPtrA
TlsGetValue
FreeConsole
LocalFree
GetDiskFreeSpaceExA
IsBadReadPtr
CancelIo
LoadLibraryExW
FindClose
GetCommandLineA
VirtualProtect
GetLastError
SetLastError

advapi32

IsTokenUntrusted
RegCreateKeyExA
RegEnumKeyExA
FreeSid
CloseTrace
AccessCheck
GetLengthSid
OpenEventLogA
RegCloseKey
LsaClose
GetFileSecurityW
CloseEventLog
LsaFreeMemory
RegCloseKey

hnetcfg

HNetGetSharingServicesPage
DllRegisterServer
HNetDeleteRasConnection
HNetFreeSharingServicesPage
DllGetClassObject

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE