2204a1202ab94afde9983ace4f6e86e0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2204a1202ab94afde9983ace4f6e86e0
Size

34KB
MD5

2204a1202ab94afde9983ace4f6e86e0
SHA1

908214330c76263c424ce3eb3300e8254e48cfa3
SHA256

7ab80f9a4cab7d7f0dc0c0d82d18d8858e73285becf22b091bdaad7b31d01ecb
SHA512

5e73cf0123df5f5e493dd1ce29cbf8570ca3bf82b7e7e2bf92f198ee1f3a89b2fae89bfacf0f59acbf8052a80a6c6b436cc6c12762e2747582360f8037fe5a81
SSDEEP

768:joICYk93/ypnLESoMlGW3O5sHPwPMYHINlxOQh3x2OGzScFHTCTPM1/R85xSXp:nCYkF/ypNBld36sHHYHIjVh3pczpGT0H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2204a1202ab94afde9983ace4f6e86e0

Files

2204a1202ab94afde9983ace4f6e86e0
.exe windows:4 windows x86 arch:x86

0318be5de917d71a823fb3691b05cd2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
Thread32Next
Thread32First
OpenProcess
VirtualAlloc
VirtualFree
ExitProcess
GetCurrentThreadId
CreateRemoteThread
LoadLibraryA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
CreateThread
GetLocalTime
GetModuleHandleA
WriteFile
CopyFileA
DeleteFileA
GetTempPathA
GetShortPathNameA
GetModuleFileNameA
TerminateProcess
CreateEventA
OpenEventA
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
Sleep
GetCurrentProcess
GetProcAddress
CloseHandle
GetStringTypeW

user32

GetMessageA
TranslateMessage
DispatchMessageA
GetInputState
PostThreadMessageA
EnumThreadWindows
GetClassNameA
FindWindowA
PostMessageA
GetWindow
GetWindowTextA

advapi32

OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
LookupPrivilegeValueA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RwDat
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE