2c76493be17c199afcd572284076362b | Triage

Sharing

General

Target

2c76493be17c199afcd572284076362b
Size

98KB
MD5

2c76493be17c199afcd572284076362b
SHA1

1c30ba66292ed7b76563a6f2a32a328105249924
SHA256

7ddbee311a73c7ded2b3d1d365bdb8b8be89d0facee10f966a829d093007fbc3
SHA512

e042ac9c484352b870b4a91b21b182efe35b775ac650b07c9fae148e8d70a168a73659d3eea79a9ec749df7d9f2c3e5299d11520c0815237f4bb6d03615cc4c6
SSDEEP

3072:Wc2doIdiNj2LzGqOrdEDNJ/JNfAWTtK5Kbnz7:LWwNjdqCdGhNfVTtKAf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c76493be17c199afcd572284076362b

Files

2c76493be17c199afcd572284076362b
.dll .ps1 windows:4 windows x86 arch:x86 polyglot

431a1dcc9a894e4acd5377ebe894b231

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnumResourceLanguagesW
ExitProcess
ExitThread
GetModuleHandleA
VirtualFree
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__p__commode
__set_app_type
fprintf
sscanf
strpbrk
wcscat
__getmainargs

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ