17131c03848b4d3664d0fc600fa6d946 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17131c03848b4d3664d0fc600fa6d946
Size

40KB
MD5

17131c03848b4d3664d0fc600fa6d946
SHA1

423ec18a239e25f1a862b9db70266a77db4e1862
SHA256

31f7c2abdf776feaed23842b58bfc25b00c78e7e0d60b59c9159116880a0ff37
SHA512

048d263b399a3b7b1a7fde37bea4afd7807e36c123774156b2e8226802e2d0d620d5f3e18e0c8029a1bb7eab55f9a1e2694fa55c54a6ab9d0b8f354134b69817
SSDEEP

768:aOfUw4z70kYUp1vSFt6/io3zzpiZybLG/MM+IlGAQzcgedsA2AYCLS:a1wg0kY0tUt6/bzmWw8IUJggFDhC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17131c03848b4d3664d0fc600fa6d946

Files

17131c03848b4d3664d0fc600fa6d946
.exe windows:4 windows x86 arch:x86

d257fae1322f5966bd7b5cbb77564755

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DefineDosDeviceW
LoadLibraryA
GetProcAddress
GetCurrentProcess
VirtualProtectEx
MultiByteToWideChar
ReadConsoleInputExA
DeleteTimerQueueTimer
CompareStringA
RtlMoveMemory
ReadConsoleA
HeapLock
CreateProcessW
DebugActiveProcess
TerminateThread
LocalFlags
FileTimeToDosDateTime
GlobalGetAtomNameA
DuplicateConsoleHandle
SetConsoleNlsMode
EnumLanguageGroupLocalesA
LocalShrink
SetConsoleLocalEUDC
IsBadReadPtr
CreateDirectoryExA
GetPrivateProfileSectionNamesW
OpenJobObjectA
PeekNamedPipe
OpenMutexA
WriteFileEx
GetLastError
DeleteFileA
SetDefaultCommConfigW
RtlUnwind
GetConsoleOutputCP
HeapCreate
InterlockedExchangeAdd
Module32FirstW
LoadLibraryW
ReadConsoleOutputCharacterW
WriteFile
GetDateFormatA
VirtualAlloc
GetConsoleCommandHistoryW
CommConfigDialogW
OpenFileMappingW
FindClose
GetLogicalDrives
WriteConsoleOutputCharacterA
OpenFileMappingA
UTRegister
ExitThread
ResumeThread
GetLogicalDriveStringsW

user32

SetCapture

Sections

.text
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE