536f8df1494acf26bc5cbe76e759623a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

536f8df1494acf26bc5cbe76e759623a
Size

124KB
MD5

536f8df1494acf26bc5cbe76e759623a
SHA1

83458728b5ffa5f73b7d5e060c979b6eb0aef503
SHA256

bc17854143d20945ac70f94f9294416ffd8711a8b51548cf2e4138c6c9466141
SHA512

ed2a045b31fd47b30a26af4079ec7c123da5b659e2b43a67ca9d9e6f31b883f1851dcc3311ea60fc1240a16fc86a629eea6334a605854035fd0d3df2e547ad64
SSDEEP

3072:jLsALYwil+Jfw99DjPdyTfXHziqNz6yMVWtZd:nRpVw9qPdNz6TVEZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
536f8df1494acf26bc5cbe76e759623a

Files

536f8df1494acf26bc5cbe76e759623a
.exe windows:4 windows x86 arch:x86

951b6b0f85023c833a13a24d66ba6096

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ClearCommError
GetExitCodeProcess
ExitProcess
ClearCommError
ReleaseMutex
CreateMutexA
EnumResourceNamesW
QueryPerformanceCounter
CreateProcessW
ExitProcess
GetStartupInfoA
CreateFileMappingA
MapViewOfFile

user32

CharNextA
KillTimer
PeekMessageA
SetTimer
CharUpperA
PostThreadMessageA
GetMessageA
LoadStringA

rpcrt4

RpcBindingSetAuthInfoA
NdrClientCall
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcStringFreeA

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ