2ca1f37dd06f5d17cd1151320694bbe1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ca1f37dd06f5d17cd1151320694bbe1
Size

14KB
MD5

2ca1f37dd06f5d17cd1151320694bbe1
SHA1

dc171200181e1ad534fc2806543695cabd0c34ba
SHA256

df09e830808988290044b50afa4464f1a37cf738164cb3b7b2ae301854432670
SHA512

c530d18396a1463f3672e4b2cca49fa051f305ee1f8efd17749f8dad15a89eb3420b0fb7ff389de995a66584ee5ad197a3447974d5dea7bbf69d01659c5f2627
SSDEEP

192:/eF5VTxHHijmGbRwyhkWoLMKrVmIVMmNKYlUFKrq8RpmgJ6rsF+LkkCl:/8lxHCjxbRwyhJo9RPMmZrNRLsY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca1f37dd06f5d17cd1151320694bbe1

Files

2ca1f37dd06f5d17cd1151320694bbe1
.exe windows:4 windows x86 arch:x86

79a1f75fc60ca904e7658c54ca86ea02

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
GetFileInformationByHandle
CreateFileA
lstrcatA
GetSystemDirectoryA
GetProcAddress
LocalFree
ReadFile
IsBadReadPtr
GetVersionExA
lstrlenA
LoadLibraryA
GetVolumeInformationA
GetWindowsDirectoryA
OpenProcess
HeapFree
GetModuleHandleA
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCurrentProcess
CloseHandle
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

advapi32

RegEnumKeyExA
RegQueryValueExA
RegCloseKey
GetSecurityInfo
GetUserNameA
SetEntriesInAclA
SetSecurityInfo
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

ws2_32

inet_addr
socket
WSAStartup
WSACleanup
htons
connect
send
closesocket

urlmon

URLDownloadToFileA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ