1bf816bc06ae21f34fa5291fbf659839 | Triage

Sharing

General

Target

1bf816bc06ae21f34fa5291fbf659839
Size

42KB
MD5

1bf816bc06ae21f34fa5291fbf659839
SHA1

db4aad2fda3eee95f373b333a21afa42a2c40060
SHA256

8630c64fc027cd72cfe62e66d603a5e4f99d8ba0d2c5e102808482346c1800e9
SHA512

e741a270b18f4f36d761d21eec8cf19bb756c771314d314cf619818da0fc864e3637fffdabc1b998222e0be106f518795a83be7ea365a3d115b170233853405b
SSDEEP

768:HGf82Ux5F/Yhe8Iv+OrlLTzXAx36lcPlkDauAKBUtAfEuxI3u:I08I1VzA36EkDJAOJfVyu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bf816bc06ae21f34fa5291fbf659839

Files

1bf816bc06ae21f34fa5291fbf659839
.exe windows:5 windows x86 arch:x86

ece3c50b6a60186174845d38825d15d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
InterlockedExchange
GetLastError
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadLocale
InterlockedDecrement
GetTickCount
InterlockedIncrement
GetProcessHeap
GetVersion

msvcrt

_iob
_XcptFilter
malloc
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__mb_cur_max
rand
memmove
__getmainargs
time

ntdll

NtFsControlFile
RtlNormalizeProcessParams
sprintf
RtlFreeHeap
_aulldiv
RtlAnsiStringToUnicodeString
NtQueryVolumeInformationFile
RtlDosPathNameToNtPathName_U
RtlSubAuthoritySid
RtlDecompressBuffer
_alldiv

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ