8d9261a43f30320d0a468b160da43b99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d9261a43f30320d0a468b160da43b99
Size

822KB
MD5

8d9261a43f30320d0a468b160da43b99
SHA1

a3a7a89ef7b933ee881a518d54a78cbe46601e1d
SHA256

4f53910705492781493ef2fef7e4e22333045487748a2c4cd8ac5af602b7bfdd
SHA512

34b529d7f94c80aeb4fd8891efef5fe332934ab5f2fd2a99454ec335150bbb4ec263505d74f7cb025a66d03b2ec5b77074c386969375456543dac29ec305df03
SSDEEP

12288:jAEY9ki0/8h/zEwgecn98FSXFBVg8pWUF+hpDA4nGvscLR/31EQ8UYPcv/2Uh1BB:jAEYZ0i/Awgec7XFzVBz04NA6/2Ip

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d9261a43f30320d0a468b160da43b99

Files

8d9261a43f30320d0a468b160da43b99
.exe windows:4 windows x86 arch:x86

c3aaa5c88033697542954f6749f87084

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
lstrlenA
GetACP
CloseHandle
GlobalFree
VirtualAlloc
GlobalSize
GetCommandLineA
GetExitCodeProcess
InterlockedExchange
GetPrivateProfileIntW
ResumeThread
ResetEvent
CreateMutexA
GetEnvironmentVariableW
GetDriveTypeW
GetModuleHandleW
WriteFile
FindVolumeClose
LocalFree

advapi32

RegEnumKeyA
RegCreateKeyExA
RegQueryValueA
LsaClose
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
IsValidAcl
IsTextUnicode
CreateServiceA
IsValidSid
ControlService
ClearEventLogA

avicap32

videoThunk32
videoThunk32
videoThunk32
AppCleanup
videoThunk32

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 812KB - Virtual size: 812KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ