89c5b369142e8d9fb772cddbd3ed25f5 | Triage

Sharing

General

Target

89c5b369142e8d9fb772cddbd3ed25f5
Size

17KB
MD5

89c5b369142e8d9fb772cddbd3ed25f5
SHA1

f7221d2d20f1f4559554f75e5cd5dfd02ff38b62
SHA256

2102399e096ed9df1879890e957529f9484274c50a5dd3e6aaacf71eab12a378
SHA512

510d157724da03fb9bcb9928290288db8041c100d904bbdc00dc259d76510f89299c6ce6a0f9160ad6f833793e6ede2a53dc1d75ac83f491035c0df1d6082786
SSDEEP

384:htEEEcq8CIofVzYRWhsXVbCDVGgKTfsjt:hMIS/sXVb3PTot

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89c5b369142e8d9fb772cddbd3ed25f5

Files

89c5b369142e8d9fb772cddbd3ed25f5
.exe windows:4 windows x86 arch:x86

e96ee9099367f2edbd820941bab134d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
WriteFile
LockResource
CreateFileA
LoadResource
SizeofResource
FindResourceA
GetSystemDirectoryA
GetModuleFileNameA
GetWindowsDirectoryA
lstrlenA
DeleteFileA
VirtualFreeEx
lstrcatA
HeapFree
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
HeapAlloc
GetProcessHeap
ReadFile
GetFileInformationByHandle
GetModuleHandleA
LocalFree
lstrcpyA
IsBadReadPtr
MoveFileA
GetCurrentProcessId
TerminateProcess
OpenProcess
WaitForSingleObject
CloseHandle

user32

MessageBoxA

advapi32

GetUserNameA
SetSecurityInfo
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetSecurityInfo
SetEntriesInAclA

shell32

ShellExecuteExA

msvcrt

strncpy
_snprintf
strstr
??2@YAPAXI@Z
strlen
strcpy
strcat
fwrite
rand
memcpy
memset
free
strtok
malloc
memcmp
fclose
fread
fseek
fopen

ntdll

ZwCreateSymbolicLinkObject

Sections

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ