Static task: static1
Behavioral task: behavioral1
  Sample: 230ce4d72a8fc86cbb265be5673c2a67.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 230ce4d72a8fc86cbb265be5673c2a67.exe
  Resource: win10v2004-20231215-en
General
Target: 230ce4d72a8fc86cbb265be5673c2a67
Size: 190KB
MD5: 230ce4d72a8fc86cbb265be5673c2a67
SHA1: 85bc2cc86e7c49ef4b35dbc7e118715cb82cde2f
SHA256: 107dac9e75ee3e32d546788bcb7bc17b7dc0b5baa96e693f17efe6baabbf7f9b
SHA512: 8ff0a87b3b77fa2b75b3996e50287677902851f7e44711da090f0914b097a1f3368fe197609e45b4aba986d4b5f2caf97672cddf56b01718278fdd020c464050
SSDEEP: 3072:juTax/C/gRf3cLs5bcXw6yc9Zk7yNoFAgm003hUZqPY0+9bbwa4Op5BEhXazo3+9:n54GDIG7XFAgvEgBppoh33S
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature. The sample carries no Authenticode signature: its PE certificate table (the security data directory) is empty. Note that this is a structural check only; a populated certificate table would still need to be verified (for example with signtool verify or Get-AuthenticodeSignature) before treating the file as trusted.
  resource: 230ce4d72a8fc86cbb265be5673c2a67
Files
230ce4d72a8fc86cbb265be5673c2a67.exe  windows:5  windows x86  arch:x86
  imphash: 7ebc021a45d7cd3bc05220653c029538
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  Only TERMINAL_SERVER_AWARE is set: neither IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR) nor IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP) is present, so the image does not opt in to either mitigation.
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_RELOCS_STRIPPED means the base relocation table has been removed: the image cannot be rebased and must load at its preferred ImageBase, which is consistent with the absence of DYNAMIC_BASE above.
Imports
advapi32: OpenProcessToken, GetTraceLoggerHandle, StartTraceW, CheckTokenMembership
ntdll: RtlExitUserThread, RtlCancelTimer, ZwOpenEvent, NtTerminateThread, NtQueryInformationProcess
kernel32: VirtualAllocEx, WaitForMultipleObjects, CloseHandle, InterlockedIncrement, CreateIoCompletionPort, HeapDestroy, GetSystemTimeAsFileTime, CreateFileA, CreateFileW, InterlockedDecrement, SetThreadAffinityMask, DuplicateHandle, SetEnvironmentVariableW, InitializeCriticalSectionAndSpinCount, InitializeCriticalSection, LeaveCriticalSection, DisableThreadLibraryCalls, WriteFile, Sleep
Sections
.text  Size: 139KB  Virtual size: 139KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data  Size: 48KB   Virtual size: 47KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc  Size: 2KB    Virtual size: 4KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
No section is both writable and executable, and the raw and virtual sizes of .text match, which argues against a simple self-unpacking stub (a packer typically leaves a small raw .text with a much larger virtual size, or a RWX section).
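The header fields above (file and DLL characteristics, section flags) and the "Unsigned PE" signature all come from the PE headers, so they can be reproduced without a sandbox. The following is an added example, not part of the sandbox report or its tooling: a header-only PE32 parser written in pure Python (no pefile dependency) that decodes the same flag names and performs the same Authenticode presence check, namely whether the security data directory (index 4, the certificate table) has a non-zero offset and size. Instead of the real sample it builds a constructed header-only image whose flags and section sizes mirror the report; pass a file path on the command line to run it on a real binary.

```python
"""Header-only PE32 parser reproducing the report's static checks.
Added example; the image built by build_sample() is constructed test
data mirroring the report's flags, not the analysed binary."""
import struct
import sys

# Flag tables from winnt.h (subset sufficient for the values in the report).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # certificate table used by Authenticode


def decode_flags(value, table):
    """Return the symbolic names of all bits of `value` present in `table`."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse DOS header, COFF header, PE32 optional header and section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    # The security directory is special: its first field is a raw file offset
    # (not an RVA) to the WIN_CERTIFICATE blob. Both fields zero => unsigned.
    cert_off, cert_size = 0, 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    shdr = opt + opt_size  # section table follows the optional header
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, shdr + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "characteristics": decode_flags(schars, SECTION_CHARACTERISTICS),
            "writable_and_executable": bool(schars & 0x20000000 and schars & 0x80000000),
        })
    return {
        "machine": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "file_characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def build_sample(signed=False):
    """Constructed header-only PE32 mirroring the report's flags (test data, not the sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x010B)  # i386, 3 sections, flags as in report
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8000)                     # TERMINAL_SERVER_AWARE only
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    if signed:  # hypothetical certificate table at file offset 0x1000, 0x800 bytes
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)

    def sh(name, vsize, rawsize, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, 0, rawsize, 0, 0, 0, 0, 0, flags)

    secs = (sh(b".text", 139 * 1024, 139 * 1024, 0x60000020)
            + sh(b".data", 47 * 1024, 48 * 1024, 0xC0000040)
            + sh(b".rsrc", 4 * 1024, 2 * 1024, 0x40000040))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    info = parse_pe(blob)
    print("machine:", info["machine"])
    print("file characteristics:", ", ".join(info["file_characteristics"]))
    print("dll characteristics:", ", ".join(info["dll_characteristics"]))
    print("authenticode signature present:", info["authenticode_present"])
    for s in info["sections"]:
        print(f"{s['name']:<8} raw={s['raw_size'] // 1024}KB virt={s['virtual_size'] // 1024}KB ",
              " | ".join(s["characteristics"]))
```

The `authenticode_present` result is exactly the kind of structural test an "Unsigned PE" signature performs: it says nothing about whether a present signature chains to a trusted root or matches the file hash. For that, verify the certificate table with signtool verify /pa or Get-AuthenticodeSignature (or osslsigncode verify off Windows); a binary with a revoked or self-signed certificate passes the presence check but should not be trusted.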