73129edaa071af78bec390de8c42dd20 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73129edaa071af78bec390de8c42dd20
Size

24KB
MD5

73129edaa071af78bec390de8c42dd20
SHA1

333ac91b3bafbf555dc5b0530774a176770a4576
SHA256

f81b06bbaa81d0060650fc29754f91e60da40ab40fe35dce27e48edbd5900d88
SHA512

1d373e13ec81854b8106bed8bf2e94e2baa403dd3b5ad71c60238daeff2f27fe47e4ee4d0df61446a05b4c73b6778f5582e3b38ec0a320aa9d444029a701a96b
SSDEEP

768:MB0arOQ3Rmrplab7ND2Jqv87BCyAZgL+A:/QeMFOqEcaL3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73129edaa071af78bec390de8c42dd20

Files

73129edaa071af78bec390de8c42dd20
.exe windows:4 windows x86 arch:x86

559398b1246f3c18c513f21a971018a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetVersionExA
GetModuleFileNameA
WaitForSingleObject
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA

user32

CharLowerA

msvcrt

malloc
strstr
free
fclose
_filbuf
ftell
fseek
fopen

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE