13b0233e37de134113cc492de6a281f1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13b0233e37de134113cc492de6a281f1
Size

5KB
MD5

13b0233e37de134113cc492de6a281f1
SHA1

441edb1b1cdb52b9610d9f1e60c61eef8b940f27
SHA256

822724837d3079917ef340632c0784ec25c234004c3c022eb3462986bca93c89
SHA512

958e99863d229e36c92ac82c7bdc204cb43f10bc752094c393eba37df8e9d2ee95a29e095aa09563f5ce9fb7a1b11dd7b4fa692d7e4cdf6d1da7fdf9e5fd611a
SSDEEP

96:AUhFePA3gIJdsI0vd/85xomW9ZhGhcsmLwzHUoynLFLFDDG0Yg8:AAFe8gIJOD05x6QcNLw7UoynJLFDDGi8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13b0233e37de134113cc492de6a281f1

Files

13b0233e37de134113cc492de6a281f1
.exe windows:4 windows x86 arch:x86

64488cd0894148761a1a7107b8c0bbe3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

msvcrt

tolower
_controlfp
__set_app_type
_except_handler3
_adjust_fdiv
__p__fmode
__p__commode
__getmainargs
__setusermatherr
_initterm
_exit
_acmdln
_XcptFilter
exit
strstr
time

kernel32

GetProcAddress
lstrcatA
GetSystemDirectoryA
GetStartupInfoA
DeleteFileA
CreateProcessA
GetCurrentProcessId
CopyFileA
Sleep
CreateToolhelp32Snapshot
LoadLibraryA
Process32Next
GetCurrentProcess
Process32First
GetModuleFileNameA
BeginUpdateResourceA
GetVersionExA
LoadResource
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
GetLastError
GetModuleHandleA
VirtualAllocEx
OpenProcess
LockResource
FindResourceA
CreateMutexA
EndUpdateResourceA
CloseHandle
WriteFile
CreateFileA
SizeofResource

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ