7bc92d08b1f597d7cc1297a9ed871625 | Triage

Sharing

General

Target

7bc92d08b1f597d7cc1297a9ed871625
Size

100KB
MD5

7bc92d08b1f597d7cc1297a9ed871625
SHA1

1462caf6d06365976bff57adb00892138f07d528
SHA256

8f73e9490b6c4ea4ac1d30ee724282dee158578963243adee833ffa9716f307b
SHA512

c0cbcd0b633c9693357c6412f3e684dae31f48f6dfe49dfac7cf119b8d35c843ec492f250dfe34458b1591800bb088fdbaecd89f80e0bae4296f9ef4e75eb8b0
SSDEEP

3072:I2gq63fmBLLgy44lAirgnYECG24RYc8z:I2gqQfq3gxuAbYdG9kz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bc92d08b1f597d7cc1297a9ed871625

Files

7bc92d08b1f597d7cc1297a9ed871625
.exe windows:4 windows x86 arch:x86

d8aca8dee416289e7d09123a947f003c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlDestroyAtomTable
RtlImageNtHeader
ZwTerminateJobObject
RtlValidSecurityDescriptor
ZwVdmControl
NtCreateDirectoryObject
ZwMakeTemporaryObject
wcsstr
ZwQueryQuotaInformationFile
NtSuspendThread
ZwCancelIoFile
NtFsControlFile
ZwSetSecurityObject
RtlUnicodeToMultiByteSize
NtWaitLowEventPair
RtlSetUserFlagsHeap
NtCancelIoFile
RtlLargeIntegerDivide
NtReleaseSemaphore

Exports

Exports

CloseDycbciwsbl
OpenGcegwyjcg

Sections

.kdata
Size: 4KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ