1780e4ad3b3c1476ab11d76ea7227b3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1780e4ad3b3c1476ab11d76ea7227b3e
Size

187KB
MD5

1780e4ad3b3c1476ab11d76ea7227b3e
SHA1

58977f68a3cdede9d8387358f98683bf200cf1cb
SHA256

b79697c70522aeb34063f93ee676163e73325e98c338b8d2a0f571540c06db14
SHA512

bc09880fe06ee9320b8450f0ffb1e206187acb6c9f7e6193df9ac6f5b60acd22d45174c0be9b8bbc5523487ec2642e1a15da54b167a04c883e943fd75edd4443
SSDEEP

3072:0KMiM81NQoZBojpfhQ1nxrnRVJ6szCLwD7cj9Wfexcu9b2kfPmoOQ6AAcO0u902D:W21VBoFfCtv6XLwMQfeZ9akfuD6ObO2D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1780e4ad3b3c1476ab11d76ea7227b3e

Files

1780e4ad3b3c1476ab11d76ea7227b3e
.exe windows:4 windows x86 arch:x86

e6474e307608055a29333858fd4879d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId

ntdll

NtAllocateVirtualMemory

netshell

NcFreeNetconProperties

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

msvcrt

wcslen
wcscat
wcscpy
wcstoul

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
StringFromGUID2

samlib

SamAddMemberToAlias

Sections

.text
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ