8aed78e3227057f8a6de7369af2a2fa9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8aed78e3227057f8a6de7369af2a2fa9
Size

79KB
MD5

8aed78e3227057f8a6de7369af2a2fa9
SHA1

db222ac68495bf42d4db6eb524156b25f5eaee12
SHA256

e6e30817348dd3be58ebfd901dd49b6dc4d77f52b2431642e763267b34947f09
SHA512

e3f0034040595ac0277e45bcce5d4e53e076aac3a022d8c210c1920e64216fa278b1f775503599d475f1bee61f3d8d2ddf922030f1a7ec7a3a8a006506793b76
SSDEEP

1536:nboyqt6UDSBXbZVlm1x/FIpPNPh6pWJykkB8QLe08FjjXVCPIVXO3eMY:nsVP2BXbPq/Fw1h6pWpkB8908hjlCwXr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8aed78e3227057f8a6de7369af2a2fa9

Files

8aed78e3227057f8a6de7369af2a2fa9
.exe windows:4 windows x86 arch:x86

76957165bfe25466e879469df026538c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
RegEnumValueA
QueryServiceConfigA
LookupPrivilegeNameA
OpenProcessToken
GetLengthSid
AddAce
RegDeleteKeyA
RegSetValueExA
GetSidIdentifierAuthority
CreateProcessAsUserA
RegQueryValueExA
EqualSid
SetTokenInformation

gdi32

SetTextAlign
Ellipse
RectInRegion
SelectObject
SetBkColor
CreateFontIndirectA
GetObjectA
StartPage
CreateRectRgn
MoveToEx
SetMapMode
GetTextExtentPoint32A
CreateCompatibleDC
CreatePen

ole32

OleSetClipboard
CoGetStdMarshalEx
CoRegisterPSClsid
CoInstall
OleDuplicateData
CoCreateGuid
OleCreateLinkFromData
OleSetMenuDescriptor
OleCreateLinkEx
BindMoniker
OleGetAutoConvert
OleRegEnumVerbs
CoReleaseServerProcess

kernel32

VirtualQueryEx
GetCommandLineW
WriteConsoleA
lstrcpynA
GlobalUnlock
lstrcatA
PulseEvent
GetCurrentProcess
SetEvent
OutputDebugStringA
InterlockedDecrement
CreateProcessA
lstrlenA
GetConsoleOutputCP
IsValidCodePage

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ