703dca419a83ab06ea5f82d3a5d38ad7 | Triage

Sharing

General

Target

703dca419a83ab06ea5f82d3a5d38ad7
Size

119KB
MD5

703dca419a83ab06ea5f82d3a5d38ad7
SHA1

6e94a538ceb7c3449b87bf9764f4f16677737312
SHA256

02e8bf1e5e17fdc1c75f0e07fb7cd84008b3bfcde2da4adec35700c752f63faa
SHA512

683450fd881f289acac9cd39006416a3d9eb2c7f06db74587b759e587085b25bd124c223d30c49bfe427f618c8f9646793d6182e0bcb15638ec5d154731e6529
SSDEEP

1536:m63A+0rInl1Krmw19vFgL0EqbivrALV1f84spjVrs2ryrd1vUQuqSSqK5tnCvv:D3UIl1Kr7bCL6N1f4Hs2qxnC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
703dca419a83ab06ea5f82d3a5d38ad7

Files

703dca419a83ab06ea5f82d3a5d38ad7
.exe windows:4 windows x86 arch:x86

cf805d478fc083c5700f408e07e56da1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetBinaryTypeA
GetOEMCP
OpenProcess
LZCloseFile
CreateNlsSecurityDescriptor
DecodePointer
ReadProcessMemory
Process32First
FindAtomA
GlobalUnWire
ZombifyActCtx
EnumResourceTypesA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.brdata
Size: 63KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE