5c311409e8381566c5f80b382c268464 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c311409e8381566c5f80b382c268464
Size

243KB
MD5

5c311409e8381566c5f80b382c268464
SHA1

aed921d0851011b5673b7129f21026e9c2a0aa01
SHA256

c187fc3aed7f30ee911630bd3db4132df1d8b385d9a0bb9e0ca676a5b9463657
SHA512

90105f0ad2f4436a999bc94325a63e67d876ab29421a08889587f356b6334aeaea51be51e84fe50d316228b177aa4bc1d77bf4e4852f45d275f698f4c8565279
SSDEEP

6144:C1uzWf5G4jzg+6Vnm14sObBxWxkLgrxqwM39J:HevWd1tbrWRtqwgL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c311409e8381566c5f80b382c268464

Files

5c311409e8381566c5f80b382c268464
.exe windows:5 windows x86 arch:x86

b744a49b603656a24cf334b424649125

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncmp
__initenv
_errno
_iob
atoi
??2@YAPAXI@Z
__wgetmainargs

ntdll

NtQuerySystemInformation
RtlValidSecurityDescriptor
RtlRaiseStatus
RtlInitializeSid
RtlSetGroupSecurityDescriptor
isprint
RtlMultiByteToUnicodeN
NtSetThreadExecutionState
RtlClearBits
RtlUnicodeToOemN

kernel32

InterlockedIncrement
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
GetThreadLocale
GetLastError
GetStartupInfoA
InterlockedExchange
InterlockedDecrement
GetVolumeNameForVolumeMountPointW
SetErrorMode

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ