1801d39dab30abe6cdd93e7555b0f691 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1801d39dab30abe6cdd93e7555b0f691
Size

484KB
MD5

1801d39dab30abe6cdd93e7555b0f691
SHA1

074940fc660c3f382721b1f6fcc6a210cf9f0feb
SHA256

752c67db7788282313e214e859ad9d8d7c311d71fbaf50105bc393e462dbb9ab
SHA512

56afb8782d0f94ebdb05c0779c8e6f3bfbc9cdfa3e18d9606841233a84224e30225684bce8da5d841fbe794ea6f57f8853dc8594cb4b018beaf2573bb021d304
SSDEEP

12288:WMCz8NGW197UVYTH0xV/QXPGwPoxikOv44qPg8:WMCz8NTBUmz0xRCuwPoxik644qPg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1801d39dab30abe6cdd93e7555b0f691

Files

1801d39dab30abe6cdd93e7555b0f691
.exe windows:4 windows x86 arch:x86

d23cf3237d37f938c0a95582283d937e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwAccessCheckByTypeAndAuditAlarm
RtlZombifyActivationContext

advapi32

LsaCreateTrustedDomainEx

user32

GetInputState
GetShellWindow

Sections

.text
Size: 477KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE