8d2f9df8ee8a05ca1aa2e22cf93d0fa2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d2f9df8ee8a05ca1aa2e22cf93d0fa2
Size

7KB
MD5

8d2f9df8ee8a05ca1aa2e22cf93d0fa2
SHA1

ffb88ba222f6a7605542430e6303899215839e89
SHA256

df7ea2b79d7b78c5c3aaf09bbcf5831ad8e7589edec251937bd4d1a96e4b4c4a
SHA512

d1cbbf0b7249fd7323d327afcea43682404c18eeab1b061bc727b50726a3c68f82d90f7de473c56dffebaa41c6a456dbf2d82af22c1c06e3d0ced1cf7c71a8cb
SSDEEP

192:4p8XTF0Fiv8RDH6+twHklZNHa3D58Pr3R3t:Ug8RDa1QNHa3N8Prh3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d2f9df8ee8a05ca1aa2e22cf93d0fa2

Files

8d2f9df8ee8a05ca1aa2e22cf93d0fa2
.exe windows:4 windows x86 arch:x86

3fc74a9351810366d31e98d51dc8a4a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrA
SHDeleteKeyA
StrCmpNA

iphlpapi

SetTcpEntry
GetTcpTable

kernel32

Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
TerminateProcess
OpenProcess
CreateThread
GlobalFree
lstrcmpA
lstrcatA
Process32Next
GetWindowsDirectoryA
Sleep
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateProcessA
FreeLibrary
CloseHandle
LoadLibraryA
GetModuleFileNameA
GetTickCount
lstrlenA
CreateFileA
GetModuleHandleA
GetCurrentProcess
FlushFileBuffers
ReadFile
VirtualAlloc
VirtualFree
GetSystemDirectoryA
GetProcAddress

user32

wsprintfA
ExitWindowsEx

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
AdjustTokenPrivileges
RegCloseKey
RegDeleteValueA

shell32

ord680
SHGetFolderPathA
ShellExecuteA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE