1c9c266d747ea3abb13685df8cb40041 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c9c266d747ea3abb13685df8cb40041
Size

629KB
MD5

1c9c266d747ea3abb13685df8cb40041
SHA1

324bca3159a14c7b0cdea84bc5d9b5d6bb76ea4b
SHA256

4ac3f9a54c709772a938c0d7f73e67f1365fe82dfe830dd7d3123dbf5ee0a463
SHA512

2b419324958452e4b7dc260eb5724609df75f50dcfd54ddc39ff3605b3aad1bcc8f0509d473d75782786cf9f25c5d64c71924f72cce8678f9d247e9a100adf99
SSDEEP

12288:cSLuTvgb+x+vQhtMD3Fy/7Jl0b4eCuPG4/NL5uCWYncsJ:Br1IUc1u9LZpnlJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Buchung-3103352-59897056N6.com

Files

1c9c266d747ea3abb13685df8cb40041
.zip
Buchung-3103352-59897056N6.com
.exe windows:5 windows x86 arch:x86

a4c59f8399a53bb5c57d011baca5b971

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rsaenh

CPDecrypt
CPEncrypt
CPCreateHash
CPDeriveKey

kernel32

GetCurrentThreadId
LoadLibraryW
WriteConsoleA
GetShortPathNameA
CloseHandle
HeapAlloc
VirtualAlloc
OpenFileMappingW
CreateSemaphoreW
LoadLibraryA
CreateProcessW
OpenMutexA
lstrcmp
FindClose

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ydata
Size: 661KB - Virtual size: 660KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE