561d23ff59894a6064de38219a745210 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

561d23ff59894a6064de38219a745210
Size

59KB
MD5

561d23ff59894a6064de38219a745210
SHA1

7dce1fb7000986569bfd75b5c8b361bf6ccbdca5
SHA256

89ccc12d4b5d2c5d46bd10e27d1bb2a7a9758eab2b54cf13c357917a73a1b084
SHA512

2c59bd96f43c9fcadb1e61528ae2b5caf52a3150964b1af71b556602f6499f4b66633e5c432c0c95b06ab638306fbcbc2f16726db90c08da0921eeddd9c49dbc
SSDEEP

1536:uANM3eQz0747BxlUYOju2AQkNbmHxjbQci6LyXeWw8:TNMvwkdxl/OOCxfViMmv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
561d23ff59894a6064de38219a745210

Files

561d23ff59894a6064de38219a745210
.exe windows:4 windows x86 arch:x86

309f08ff082177aa51d7ff00190137f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_chkstk
strcat
_vsnprintf
isalpha
memset
strcpy
strstr
strlen
_stricmp
memcpy
RtlUnwind
NtQueryVirtualMemory

kernel32

GetVolumeInformationA
SetThreadAffinityMask
GetProcessAffinityMask
CreateFileA
MapViewOfFile
UnmapViewOfFile
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
SetEvent
GetCurrentThread
GetProcessHeap
ExpandEnvironmentStringsA
GetWindowsDirectoryA
WriteFile
GetCommandLineA
OpenProcess
WideCharToMultiByte
Sleep
CreateEventA
CreateProcessA
TerminateProcess
GetSystemDirectoryA
GetLastError
SetLastError
GetProcAddress
GetLongPathNameA
LoadLibraryA
CreateFileMappingA
GetSystemInfo
GetModuleHandleA
CreateMutexA
GetVersionExA
CloseHandle
DeviceIoControl

advapi32

AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
OpenProcessToken

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE