Static task
static1
Behavioral task
behavioral1
Sample
7915a7d92977e5cfb4d0b24d0d50609d.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7915a7d92977e5cfb4d0b24d0d50609d.exe
Resource
win10v2004-20231222-en
General
Target
7915a7d92977e5cfb4d0b24d0d50609d
Size
204KB
MD5
7915a7d92977e5cfb4d0b24d0d50609d
SHA1
e6818cb2bced9d2462904f74b54fbf8b7946e378
SHA256
e0324c70ebda20eae6a5bb309a929bd7e7e5927561f1f39ad3503a0b175b5342
SHA512
62009ff40d3bd49d72a86501d9c85678d153a1e29c4f77b9c92db78a6118f22a527e28133ec1e5339704596d28b1f716ea6056ef6bf3eb07f631e1409db0b7f1
SSDEEP
6144:TgYz13b72YfWeY8Vec3fMl0nwK+N4KxSG8:kur72YfA80c3fMOoNFgG8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 7915a7d92977e5cfb4d0b24d0d50609d
Files
7915a7d92977e5cfb4d0b24d0d50609d.exe windows:4 windows x86 arch:x86
1dad3ea9dba56c6b711539ced93cf260
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathA
GetCommandLineA
OpenThread
GetVolumePathNameA
QueryInformationJobObject
SetInformationJobObject
GetFullPathNameA
DeleteTimerQueueTimer
VirtualAlloc
UnlockFile
FindFirstVolumeMountPointA
CompareStringA
GetCommandLineA
GetProcessShutdownParameters
GetStringTypeExA
SetFilePointerEx
DeviceIoControl
InterlockedExchange
IsBadReadPtr
GetDriveTypeA
ExitProcess
DeviceIoControl
GetModuleHandleA
GetConsoleFontSize
Heap32ListFirst
GetCommandLineA
GetVersionExA
SetThreadIdealProcessor
ws2_32
send
Sections
.itext Size: - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 160KB - Virtual size: 830KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ