072bc32bd9e083a9c2cb79b03f5ed19f[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

072bc32bd9e083a9c2cb79b03f5ed19f.exe
Size

50KB
MD5

072bc32bd9e083a9c2cb79b03f5ed19f
SHA1

cfccd22570ec3adc1e9a71b86f714ac30095975b
SHA256

38caa078dafa0772194e0ea4ea87d47ea3995b851e89953bdf1e2f6e3d15b333
SHA512

72581ac631a618826849f32f85e0823a2e8741a7c293b323751e94cfeab6ed1a8573f6ff10b1c6839d433543c655a339bfaa875036733f18befe8ab5e951f474
SSDEEP

1536:MsLVGsMvDaCWihA1LV1ZDqdQICaLAqmhtZrKAHd:MB7raCWDEObaUqifr9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072bc32bd9e083a9c2cb79b03f5ed19f.exe

Files

072bc32bd9e083a9c2cb79b03f5ed19f.exe
.exe windows:5 windows x86 arch:x86

f7ce1feae7ca9f0ccc2f7682f66608d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCurrentThread
GetWindowsDirectoryA
CreateEventA
GetSystemDirectoryA
CreateMutexA
GetVersionExA
GetCurrentProcessId
DeleteFileA

ntdll

memset
wcsncpy

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data32
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE