13d56c73f66386c589b3e61ba2aa3941 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13d56c73f66386c589b3e61ba2aa3941
Size

8KB
MD5

13d56c73f66386c589b3e61ba2aa3941
SHA1

b24b98feba587cc7527bf3bd6c3b5219236e48cc
SHA256

852813a1cc4aef6b65941d4fddde2c4dc1f94c30875b24e9d47f49229e8817b0
SHA512

9dda2ea6bb946bb969d30f726f0cfff187e599258c2b22065ff1b365a17c6b8637827b13de0033baeb733785b168a60ae5af15960d52f790ccb21aabd95bbfd9
SSDEEP

192:N2jZ88B5VZj7syruO9qTfWda1OOGoHlMEnCv:NWq8BzZjoyr7oR1OnaMEn6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13d56c73f66386c589b3e61ba2aa3941

Files

13d56c73f66386c589b3e61ba2aa3941
.exe windows:4 windows x86 arch:x86

183b6d9ef615799f0e24d63ca907d908

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryObject
ZwLoadDriver
memset
wcsstr
RtlFreeUnicodeString
RtlInitAnsiString
RtlUniform
strstr
strlen
NtQuerySystemInformation
RtlAnsiStringToUnicodeString
vsprintf
memcpy

psapi

GetProcessImageFileNameA
EnumProcesses

iphlpapi

GetAdaptersInfo

ws2_32

htons
send
htonl
WSAStartup
connect
closesocket
socket

kernel32

lstrcpyA
DeleteFileA
lstrcpyW
GetSystemTime
CloseHandle
DuplicateHandle
GetModuleHandleA
GetModuleFileNameA
FindClose
CopyFileA
VirtualAlloc
GetLastError
FindFirstFileA
GetFileSizeEx
lstrcatA
CreateFileA
GetCurrentProcess
VirtualFree
GetWindowsDirectoryA
WriteFile
OpenProcess
GetSystemDirectoryW
Sleep
ReadFile

user32

CharLowerW

advapi32

RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
OpenSCManagerA
LookupPrivilegeValueA
RegQueryValueExA
RegSetValueExA
EnumServicesStatusA
OpenProcessToken
CloseServiceHandle

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 37B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE