190ed224f3ad8983390fece1ca41201b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

190ed224f3ad8983390fece1ca41201b
Size

314KB
MD5

190ed224f3ad8983390fece1ca41201b
SHA1

814cfc146eeb3330165c72e56930ee1245414d27
SHA256

b24888b79b80c15e8b24a732e850d62854d1d964876148920025655a4e6a4f9a
SHA512

4dffc68e75c05544dfeb514e27cc2ef0baf64f78f82b51360c7c5c37e98d42c0695caad69a9bd18386f8dc04d7f79cc13bd1db4dbe687b6f50460a815447c3de
SSDEEP

6144:z92SUeJV4B4S1Eeg/zhZxTzBLY2fiG6iOn38x6FMT+jVEA:zNT84S1EDZ1Y2fNOmKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
190ed224f3ad8983390fece1ca41201b

Files

190ed224f3ad8983390fece1ca41201b
.exe windows:4 windows x86 arch:x86

addf5573c142124ad1229ce2c13318db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetDiskFreeSpaceExA
FreeConsole
LocalFree
TlsGetValue
IsBadReadPtr
GetCommandLineA
GetDateFormatA
EnumResourceTypesW
FindClose
CloseHandle
SetLastError
LoadLibraryExW
GetModuleHandleA
CancelIo
GetDriveTypeW
ResetEvent
GetLastError
IsBadStringPtrA
VirtualProtect

advapi32

OpenEventLogA
IsTokenUntrusted
CloseTrace
CloseEventLog
RegCloseKey
GetLengthSid
FreeSid
LsaClose
LsaFreeMemory
RegEnumKeyExA
GetFileSecurityW
RegCreateKeyExA
AccessCheck
RegCloseKey

hnetcfg

HNetFreeSharingServicesPage
DllGetClassObject
HNetDeleteRasConnection
HNetGetSharingServicesPage
DllRegisterServer

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ