804177b1c65de7835210e60e7552bfd4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

804177b1c65de7835210e60e7552bfd4
Size

333KB
MD5

804177b1c65de7835210e60e7552bfd4
SHA1

b7d14f1fe19880b8e0da303f337f1b07c406e9d5
SHA256

739ce3bbd01c84c932b5cf4131a37439a7830316dbb2f09d2a848f4eceda2178
SHA512

1f6e158c116fc47676800df68efec4c93f7b9a06031ab2a73fdddd4e8ea3a94fbb252e113dd7c479da34634f6c38ebd0bcbf1224f15758ea36502225049ad26c
SSDEEP

6144:ngIW4JMsvY8nHmKGuRvvFuSJvbWjw960RDvbjJD2VJq4r+G:gMJMGmVuRvdnJvbWjw9601bqBf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
804177b1c65de7835210e60e7552bfd4

Files

804177b1c65de7835210e60e7552bfd4
.exe windows:4 windows x86 arch:x86

b2f92e151b604a0c59c20b7089df0ea2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
GetDiskFreeSpaceA
ResumeThread
DeleteCriticalSection
CreateHardLinkA
HeapDestroy
GetLastError
SearchPathA
GetThreadLocale
VirtualProtect
GetStartupInfoA
ReleaseMutex
GetTickCount
ExitProcess
GetModuleHandleA
CloseHandle
SetEvent
Sleep
TlsGetValue
lstrcmpiA

advapi32

FreeSid
CloseTrace
LsaFreeMemory
IsValidSid
RegEnumKeyExA
GetFileSecurityA
LsaSetSecret
OpenEventLogA
RegCreateKeyExA
CloseEventLog
LsaClose
AccessCheck
RegCloseKey
RegLoadKeyA

cfgmgr32

CM_Delete_Range
CM_Add_Range
CM_First_Range
CM_Add_IDA
CM_Get_Child

shell32

DragQueryFileA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ