Static task: static1
Behavioral task: behavioral1
Sample: 22d79a01b72ca6cc6c089ade7e7f8c7a.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 22d79a01b72ca6cc6c089ade7e7f8c7a.exe
Resource: win10v2004-20231215-en
General
Target: 22d79a01b72ca6cc6c089ade7e7f8c7a
Size: 24KB
MD5: 22d79a01b72ca6cc6c089ade7e7f8c7a
SHA1: 081b417605998c29fb66c751353d8368389cfd2e
SHA256: 3c060be73c5424e6ba759b719ebca906b5b3bedc640d931683917c7d946f61bc
SHA512: e72d2352413215df11d5ea2104aae8bb46e282cf4c1a903e8bbbd32e6d95d428c0a78911a4f8c40523d6c1a5668be24067079528f2659d544cf19ceaff8a72dc
SSDEEP: 384:sgI3bINbNWBZjvwbW/8AoWEmdPGFQ273eLXVBYkkjuv1hkNLdbaLa4CwUJuUCSFt:sR3bjvwxAj5YEVBxkjuv7wbaLa4PU4b7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 22d79a01b72ca6cc6c089ade7e7f8c7a
Files
22d79a01b72ca6cc6c089ade7e7f8c7a.exe windows:4 windows x86 arch:x86
8424e0ed1f9eaabd09fa4bdee6edcf0f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DuplicateHandle
CreateFileA
OpenProcess
GetTempFileNameA
Sleep
CopyFileA
GetTempPathA
GetSystemDirectoryA
GetPrivateProfileStringA
GetCurrentProcess
DeleteFileA
GetSystemTime
WritePrivateProfileStringA
MoveFileExA
SetFileAttributesA
QueryPerformanceCounter
GetModuleFileNameA
GetWindowsDirectoryA
QueryPerformanceFrequency
CloseHandle
LoadLibraryA
ExitProcess
GetProcAddress
user32
PostQuitMessage
advapi32
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
msvcrt
atoi
_stricmp
_except_handler3
strcpy
strncpy
strcat
strrchr
strcmp
memset
_itoa
sprintf
shlwapi
PathAppendA
wininet
InternetReadFile
Sections
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ