510310294fac4693a101c6a101eff7b7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

510310294fac4693a101c6a101eff7b7
Size

26KB
MD5

510310294fac4693a101c6a101eff7b7
SHA1

9a3b0e984c24f52ea1583d3fa0b5c6ec3604b270
SHA256

e0bffb4796a2fadf896d4b5eaec6ae457b362ccd9c9f9df51191ae50006de60a
SHA512

abd296b950f9d3e4d4e8566e41bd9628e4ad860bb7e89e59a942407cd8ade49df90f18948f8a8a5fdba1d3d2de2fb54b2352931764ce09ab0566b0d1ce0f4f98
SSDEEP

768:HxAMRq4esxbVhqok7ng/O3xTCC7/TES11Tl:eQFxSnNkKLES11x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
510310294fac4693a101c6a101eff7b7

Files

510310294fac4693a101c6a101eff7b7
.exe windows:4 windows x86 arch:x86

a687f3b5012e8401a931b8a6fa66c5ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
GetKernelObjectSecurity
GetTokenInformation
LookupPrivilegeNameA
CopySid
CreateProcessAsUserA
AdjustTokenPrivileges
SetSecurityInfo
RegQueryValueExA
AddAccessAllowedAce
AllocateAndInitializeSid
ControlService
LookupAccountNameA
InitializeAcl
OpenServiceA
GetSidIdentifierAuthority

kernel32

GetFileTime
GetExitCodeThread
ReadProcessMemory
WaitForMultipleObjects
GetEnvironmentVariableA
DuplicateHandle
PulseEvent
lstrcpyA
FormatMessageA
GetSystemDirectoryA
SetProcessWorkingSetSize
GlobalMemoryStatus
WriteFile
TlsSetValue
InitializeCriticalSection
TerminateProcess
LockResource
GetTimeZoneInformation
GetStringTypeA
RaiseException
SearchPathA
CreateThread

gdi32

GetBkColor
SetROP2
ExtTextOutA
Rectangle
CreateSolidBrush
EndDoc
EndPage
SetTextColor
SelectClipRgn
LineTo
CreateFontIndirectA
MoveToEx
BitBlt
GetObjectA
SetBkMode

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ