2d6c6c73c6edc3ff15f96a52fd6288bf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d6c6c73c6edc3ff15f96a52fd6288bf
Size

44KB
MD5

2d6c6c73c6edc3ff15f96a52fd6288bf
SHA1

6ea2b3b512056d348742e1f9bb6ab095059484bf
SHA256

7b9959a55c4deb4d39e5a7db0f933d34fac7f1b003940464d7c6869d1f6eee61
SHA512

8613d235e988d3256b81aead448e1cee15029ae97a7c6cf9f3ced93cbb0775faafb6977fb0713e1017ecd8692dbfd5525c218c1ac97f365a027a35d5e08ef947
SSDEEP

768:8z4V/bFBmbmO/JCU/A5b2nkRcWT3vqFJnzFBl9R5b:8z4V/3CbY5b2nurQJzN3t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d6c6c73c6edc3ff15f96a52fd6288bf

Files

2d6c6c73c6edc3ff15f96a52fd6288bf
.exe windows:4 windows x86 arch:x86

77c35dfefdca30cd4d96c1b09ea987f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_ultoa
_itoa
memset
memcpy

msvcrt

rand
strtok
srand

kernel32

FindFirstFileA
Process32First
CreateProcessA
lstrcmpiA
TerminateProcess
GetProcAddress
VirtualAlloc
FindNextFileA
OpenProcess
ExitProcess
FindClose
lstrcatA
LoadLibraryA
CreateToolhelp32Snapshot
Sleep
Process32Next
FreeLibrary
GetTickCount
CreateEventA
WriteFile
CloseHandle
lstrlenA
HeapFree
SetNamedPipeHandleState
lstrcpyA
TransactNamedPipe
GetLastError
HeapSetInformation
ProcessIdToSessionId
GetCurrentProcessId
HeapAlloc
WaitNamedPipeA
GetVolumeInformationA
GetWindowsDirectoryA
GetSystemTime
CreateFileA
HeapCreate

user32

wsprintfA

advapi32

RegQueryValueExA
OpenSCManagerA
ControlService
CloseServiceHandle
ChangeServiceConfigA
OpenServiceA
RegOpenKeyA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ