8e67fd749c42995286b8652a6c558c0b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8e67fd749c42995286b8652a6c558c0b
Size

49KB
MD5

8e67fd749c42995286b8652a6c558c0b
SHA1

1fdb6db430ff4ce7450e5f20d813af5785caddf2
SHA256

bd2a3784efc879c3ba32f2e82a50fae0604c0f4d8b318bd1a8ce46c78b2e9604
SHA512

f02858cd54908f30f9739bda540cb50a0739a40a56a91bcafed9041a6c32c3b18d5c19752f0c007a5a7042dbb246f7d61c2a8570a04fa5c5969ff038c946917c
SSDEEP

1536:HYBYYj+/geXXPzy/ps1VGjJBMQ10aK8UmRcUF4I5:HY7JOklcyN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e67fd749c42995286b8652a6c558c0b

Files

8e67fd749c42995286b8652a6c558c0b
.exe windows:4 windows x86 arch:x86

32b10465f6e59b604a92e1f6b80ccc3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetShortPathNameA
CloseHandle
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
CreateProcessA
ReadFile
lstrcpyA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcessId
GetCurrentProcess
SetFilePointer
CreateFileA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
Process32Next
Process32First
CreateToolhelp32Snapshot
CompareStringA
lstrlenA
lstrcatA
GetSystemDirectoryA
WriteFile
GetFileAttributesA

user32

wsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ