Static task
static1
Behavioral task
behavioral1
Sample
6795aa864dd5cb1729e7184bbda7a10f.exe
Resource
win7-20231129-en
General
Target
6795aa864dd5cb1729e7184bbda7a10f
Size
9KB
MD5
6795aa864dd5cb1729e7184bbda7a10f
SHA1
eae6a1eb1a6b780f2f3e66a349fdadfece4d2d53
SHA256
5de6209b08cbda135575f64320a612939a6fc450b08217353aa6b54237a4b6a6
SHA512
7a6409877f318d7d0084fc2a62c1b3442845886617263a103773266bae7960a586a1c86e10fa70adfeda84de315011a16684c20db20fd2728841232e77ace711
SSDEEP
96:1GRWl1y+3l0moQr4SfLpINzu6oc3uSiyBvPRhhCy5QltYb0uXHx+MMTyboyD1c:f1132mDLfFINoVyBvjpn7XR+xTMoyDW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6795aa864dd5cb1729e7184bbda7a10f
Files
6795aa864dd5cb1729e7184bbda7a10f.exe windows:4 windows x86 arch:x86
dcf192e4934d610af9783e1e004b1f20
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateDirectoryW
DebugActiveProcess
EnumCalendarInfoA
ExitProcess
GetTimeFormatA
OpenMutexA
RtlMoveMemory
SetConsoleCursorPosition
SetDefaultCommConfigA
SetVolumeLabelW
WriteProfileStringW
advapi32
AbortSystemShutdownW
AreAllAccessesGranted
BuildExplicitAccessWithNameW
GetServiceDisplayNameA
PrivilegedServiceAuditAlarmW
QueryServiceLockStatusA
SetThreadToken
user32
CharUpperBuffW
GetKeyboardType
GetMessagePos
GetWindowTextLengthA
RealGetWindowClass
ReleaseDC
SendDlgItemMessageW
ShowCursor
TabbedTextOutW
shell32
ExtractIconExW
OpenAs_RunDLLA
OpenAs_RunDLLW
SHChangeNotify
SHEmptyRecycleBinA
SHFileOperationW
ShellExecuteEx
Sections
.text Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE