Static task: static1
Behavioral task: behavioral1
Sample: 8e12ca1e286e4fe759a597f3045461e5.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 8e12ca1e286e4fe759a597f3045461e5.exe
Resource: win10v2004-20231215-en
General
Target: 8e12ca1e286e4fe759a597f3045461e5
Size: 105KB
MD5: 8e12ca1e286e4fe759a597f3045461e5
SHA1: 338e1a6f7ea57ef396cf176be4c6b423f90acaad
SHA256: ca0862fb1d8042cfb05c712be3b9367c85571134fdf99b112916ec346956552c
SHA512: acd9893ef062c6544aa07c5ad20caff63eb4da89af01439ffeaef301df20af7ac090e0a85c40918599af0089434c7cc77093942cac5abdf46848e781cc94ebf8
SSDEEP: 1536:tZJLbo10BdjdrnqIFo/ZRKc6soGZJLbokKZjnTH:tZJLboQdrnqIFIZR6JGZJLbPGTH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8e12ca1e286e4fe759a597f3045461e5
Files
8e12ca1e286e4fe759a597f3045461e5.exe windows:4 windows x86 arch:x86
c280d33790136fc5b1e28d73c4b32b55
Headers
Imports
kernel32
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetLastError
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetVersionExA
CopyFileA
LoadLibraryA
LocalAlloc
OpenProcess
Process32First
Process32Next
RtlUnwind
RtlZeroMemory
Sleep
TerminateProcess
VirtualAllocEx
WinExec
CreateRemoteThread
WriteProcessMemory
lstrcatA
lstrcpyA
lstrlenA
CreateToolhelp32Snapshot
advapi32
LookupPrivilegeValueA
ChangeServiceConfigA
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
OpenProcessToken
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
crtdll
_itoa
__GetMainArgs
_sleep
_stricmp
_strupr
exit
fclose
fopen
_beginthread
fwrite
raise
signal
strcat
strchr
strcmp
strstr
Sections
_Y��G Size: 101KB - Virtual size: 101KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE