37ff808f46ef90f8d502d988ed2e8583 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37ff808f46ef90f8d502d988ed2e8583
Size

402KB
MD5

37ff808f46ef90f8d502d988ed2e8583
SHA1

f04cf0e2c514bcd99e73c0e0e8ed18c14ad0f846
SHA256

9c5f21a94df7a85f5fbb16fbb68f19b9265ac8319725fc2a40128c4c6c44b68e
SHA512

6230d3e5c762e2537a28ca1c25c49d53351759f78c02da867e9d0a46443053071450b218690960e1bbcc3b6056c7ac56080a07bfb9db61e92051c9fbca8db70a
SSDEEP

12288:Ginorx92Q/Ypi8DuR2GQDGRDmy69p5zCLB1AVv:GbBS5+LBQv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37ff808f46ef90f8d502d988ed2e8583

Files

37ff808f46ef90f8d502d988ed2e8583
.exe windows:4 windows x86 arch:x86

9b1ac936b02d8f8f241c91476606f090

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
OpenFileMappingW
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
VirtualQueryEx
CreateNamedPipeA
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
LoadResource
TlsFree
GetFileTime
InterlockedExchange
RtlUnwind
WritePrivateProfileStringA
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
ExitProcess
CreateWaitableTimerA
lstrcmpW
TlsAlloc

advapi32

CryptVerifySignatureA
RegQueryValueW
LookupPrivilegeNameA
CryptAcquireContextW
RegEnumKeyExW
RegConnectRegistryA
LookupAccountNameA
DuplicateTokenEx
RevertToSelf
RegRestoreKeyA
CryptImportKey
DuplicateToken
RegSetValueExA
CryptDecrypt
LookupPrivilegeValueA
RegCreateKeyW
CryptExportKey
RegDeleteKeyA
RegOpenKeyExW
CryptSignHashW
LookupPrivilegeValueW
CryptEncrypt
CryptHashData
InitiateSystemShutdownW
CryptEnumProvidersA

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ