759b67085af970aed9eb02006d2dfb0a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

759b67085af970aed9eb02006d2dfb0a
Size

92KB
MD5

759b67085af970aed9eb02006d2dfb0a
SHA1

d85e3d2654c92f3e558264e32db87a84ef47a2a3
SHA256

7bfc054800e3dbdef35822314b8b0cf5b57d5091762f09b6f220964fb0724435
SHA512

8da1f0ceba6ce26b427641adc0f24c9bf364358bd6456dbbdd6b1e095ee7f21562cc07c30d10a9e45d2fe4000d08b8af25902e2bb1261341e2e7e012039e72d7
SSDEEP

1536:xCmTR8hvPE/F3XvwLDkNppDHTJtBthvF4Bfp5B6xmLRY5Z3GvQwvc+pTG:Z1MPE/FwDepDHD1+GxaRGZ3GowU+5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
759b67085af970aed9eb02006d2dfb0a

Files

759b67085af970aed9eb02006d2dfb0a
.exe windows:4 windows x86 arch:x86

3d364e2bdca3adf3c51637f223f2dc24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
FindClose
HeapFree
SetConsoleNlsMode
InterlockedExchangeAdd
HeapLock
GetShortPathNameA
SetEnvironmentVariableA
lstrcmp
WriteConsoleOutputCharacterA
GetSystemDefaultUILanguage
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlLockHeap
strncat
NtDeleteFile
NtCreateFile
NtWriteFile

Sections

.text
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WEIJUNLI
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ