5279f9258ae8c9832458d828abb34717 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5279f9258ae8c9832458d828abb34717
Size

127KB
MD5

5279f9258ae8c9832458d828abb34717
SHA1

a835ff38f80c8e4651d66f816bcd2da01ea9df70
SHA256

742121141fb8f02845230464bec24d4abdc1040f21a1dff91a6d93e65f34861a
SHA512

5340c2f06061c526d98d0d8fdde4160340bdc79befb1736813e785c2f6c5608307da288c7864151267b13ddfee925c1a586e554120d62cbecd05f1546ad7f671
SSDEEP

3072:VzbemohYkQr0jeLwJr95rJo3VrbHfHLqZ:ViYQqLwhHrWB/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5279f9258ae8c9832458d828abb34717

Files

5279f9258ae8c9832458d828abb34717
.exe windows:6 windows x64 arch:x64

3278baca99c1606cf9ef8e35e6d41cf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
RtlCaptureContext

msvcrt

__set_app_type
?terminate@@YAXXZ
__wgetmainargs
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler

ole32

CoInitializeEx
CoUninitialize

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE