470be24bcb9831faa484df53c7b168f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

470be24bcb9831faa484df53c7b168f4
Size

11KB
MD5

470be24bcb9831faa484df53c7b168f4
SHA1

670dfa64924b09433955f8e3e128e97cb7d48b4f
SHA256

cf2c19cb04095f639da0904ffdc0b9966ebb3140b3928fba13627138f9c32046
SHA512

f913c1eba91e2f92f2761091695cbb34ec85aa5d2283fe34f5ef701ebf1d3035aaf6d13808495e4f54c1f0388836242d3c4d7d06b1c839a3dc62a12c87fab889
SSDEEP

192:lTvL33HjbatGVCVUyMocbm1hdUL1IuUIy+Rlz0IDgfqJtU9edPCvfJazPu+hqVfJ:vwSyM0UJVLRlwDSJAedPCvf4ru+6a/xE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
470be24bcb9831faa484df53c7b168f4

Files

470be24bcb9831faa484df53c7b168f4
.exe windows:5 windows x86 arch:x86

3dba8aeacf4e3520373d2054df199819

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcmpiA
GetProcAddress
CopyFileA
SetFileAttributesA
VirtualAllocEx
LoadLibraryA
GetSystemDirectoryA
LocalAlloc
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
LocalFree
WriteProcessMemory
OpenProcess
CreateRemoteThread
Process32First
Process32Next
lstrlenA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE