70192ad9d60b27b59432322cd6802384 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70192ad9d60b27b59432322cd6802384
Size

33KB
MD5

70192ad9d60b27b59432322cd6802384
SHA1

833078f509ba850a3c5749ca85765cdf82c7829b
SHA256

c6e390886c74801bb4c1ca4b917a1882bf5726d057d960962e3d0c7dcf9d97fc
SHA512

8a3005e474808e1ddddc885be0e9a53ee886a57bd9817fb2333d4f7ac0efcecd3129e6b97ea47c4af07a6667fbfa157ad0634a925e501fe16b7dff929bdbd3bb
SSDEEP

768:qXCTSy3MxTfGye2dVBt4yd2Jb8Isx1MA4aV7PI:qX7/TfGye2gbh8lxBPI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70192ad9d60b27b59432322cd6802384

Files

70192ad9d60b27b59432322cd6802384
.exe windows:4 windows x86 arch:x86

388ca28e155f18cfe6cafe69f68fcce8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetModuleHandleA
CreateProcessA
GetWindowsDirectoryA
DuplicateHandle
GetCurrentProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetComputerNameA
WriteFile
VirtualFreeEx
GetFileSize
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
SetFileAttributesA
ExitProcess
GetCommandLineA
ReleaseMutex
CreateMutexA
SetFileTime
GetFileTime
ReadProcessMemory
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
Sleep
CloseHandle
WaitForSingleObject
CreateRemoteThread
GetSystemDirectoryA
GetProcAddress

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA

msvcrt

strlen
atoi
strchr
__CxxFrameHandler
_EH_prolog
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
strcat
_strnicmp
memcpy
free
malloc
strcmp
strncpy

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MCTeam
Size: 512B - Virtual size: 512B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE