19d33226e6874a5a73131d4903c048fc | Triage

Sharing

General

Target

19d33226e6874a5a73131d4903c048fc
Size

655KB
MD5

19d33226e6874a5a73131d4903c048fc
SHA1

3ef49f8f0b04e503e9fa8a3ab1aa602ae7d590fa
SHA256

72825ade3f9fabd6fab0fcd82e1654beeccccc9ca8b4055f59710f58f510778c
SHA512

c4be2f30a67aeb4bfc11c8ac1ff6d937605cc90f6129b1cea7898dbf123bf3cfd4f0006d297c5101629f5f58fe38660faa1c37699cfbe3233268d2f2f279d35e
SSDEEP

12288:ROvImD8Jz+MygZM//WeeIBchhEJ7Hayydm45DMfNNkKoJzYfobW/kHj+:RWDG1Vg/dHGhhq644lKoJkfn/k6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19d33226e6874a5a73131d4903c048fc

Files

19d33226e6874a5a73131d4903c048fc
.exe windows:4 windows x86 arch:x86

a9f544e558731907efd89d1e721e5e41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
ExitProcess
FindResourceA
GetModuleFileNameA
GetModuleHandleA
GetThreadContext
LoadResource
LockResource
OutputDebugStringA
ResumeThread
RtlZeroMemory
SetThreadContext
SizeofResource
VirtualAllocEx
WriteProcessMemory
lstrlenA

ntdll

ZwUnmapViewOfSection

Sections

.FSG
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shield
Size: 652KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pestub
Size: 114B - Virtual size: 114B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ