1ca8de1891f1b235f9ac3cb03ca317cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ca8de1891f1b235f9ac3cb03ca317cc
Size

289KB
MD5

1ca8de1891f1b235f9ac3cb03ca317cc
SHA1

4ec03950a4e9a4369f645eab85c59d90e5fda10b
SHA256

77c0e41eb719fec0e44274498960b6cb7e2368983073fa625c70d1c6731d6fe3
SHA512

defddd8e8ed0f7f3362e07f2e40bdb6f1c9eb7b02110f1415d0a6615ae5707a6e0044184504436d0d6b6e18ea0137ca390b9c9e24ae3c00f37880a6c5d15740e
SSDEEP

6144:mL0MDHUU1LaqMRHQECf0iDTNGuxL6+a9+dsDnhp4vq/N0pbeQ:mL0Nua3HkXTNGiLBSnhpaq1a9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ca8de1891f1b235f9ac3cb03ca317cc

Files

1ca8de1891f1b235f9ac3cb03ca317cc
.exe windows:4 windows x86 arch:x86

ac411f093a26e5a5391237ac7115fcd8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GlobalDeleteAtom
RaiseException
GetLastError
LoadLibraryExA
SetErrorMode
GlobalAddAtomA
GetACP
EnterCriticalSection
LockResource
VirtualProtect
HeapCreate
GlobalFree
CloseHandle
GlobalUnlock
SetConsoleOutputCP
GetLocaleInfoA
GetDriveTypeA
Sleep
FileTimeToLocalFileTime
GetStdHandle

user32

DrawTextA
IsIconic
GetClassNameA
GetCursorPos
OemToCharBuffA
GetFocus
ClipCursor
BeginPaint
ReleaseDC
ValidateRect
GetParent
GetWindowTextA
EndPaint
GetMenuItemInfoA
SetForegroundWindow
GetActiveWindow
GetWindow
DrawEdge
ShowWindow

ntdsapi

DsFreeNameResultA
DsGetSpnA
DsIsMangledDnA
DsBindA
DsCrackNamesA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ