2cb9c6508048fbd25c76c0e03724ad3d | Triage

Sharing

General

Target

2cb9c6508048fbd25c76c0e03724ad3d
Size

8KB
MD5

2cb9c6508048fbd25c76c0e03724ad3d
SHA1

be0dac74b6b6bd87db068e806184395d6fdd261a
SHA256

96af18e9e2ea7a8c151b79a0983bee308988d3b24b551c56f45b38593d1e0ce7
SHA512

0bb0304a7610ed83e379be518cbb656b5db121cbd48f06effbc471adfbdbeffb7ec1881d2ed36b47221cfb95af6127a59d0fe6dd8c0d59d233e85f4c59cda64c
SSDEEP

192:Px3sOeujLS7ipFOtjSF42ETabAxBJQMtnQ:NzLS7iH+aETabAPJQ+nQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cb9c6508048fbd25c76c0e03724ad3d

Files

2cb9c6508048fbd25c76c0e03724ad3d
.exe windows:4 windows x86 arch:x86

354bc291bf6197aa544391a8336fc01f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
GetModuleFileNameA
GetTempPathA
GetThreadContext
GlobalAlloc
GlobalFree
ResumeThread
CreateProcessA
WaitForSingleObject
HeapFree
ReadFile
HeapAlloc
CopyFileA
GetFileInformationByHandle
CreateFileA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
LocalFree
IsBadReadPtr
GetVersionExA
CloseHandle
SetThreadContext
GetProcessHeap

ntdll

strrchr
strcmp
strcat
memcpy
strstr
_strcmpi

advapi32

SetSecurityInfo
SetEntriesInAclA
GetUserNameA
GetSecurityInfo

shell32

SHGetFolderPathA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE