994e2665ddd57ce1906011aa394bed78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

994e2665ddd57ce1906011aa394bed78
Size

132KB
MD5

994e2665ddd57ce1906011aa394bed78
SHA1

7d7da3d308e9d9dab86b32999541705145cb002a
SHA256

786c73a8523ea85cfca10ddd301a443e35106611345b0687ce611414a2378dc2
SHA512

f4ec3d739533b8ac24ca549cf69cb248601c7473de179e1a4ee4b7328c791d547688f5bcdad6ad3926d2bb0046e88c0dc71f6132f3feab6ae39968c0f0ec9327
SSDEEP

1536:3QC+/7nJCBVCDirXIcAcBn9GzfnhyJUse5TRCq8G26rfb46nfD:3Qz7nJCvCmrYmV4zfnhyokv/Ur7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
994e2665ddd57ce1906011aa394bed78

Files

994e2665ddd57ce1906011aa394bed78
.exe windows:4 windows x86 arch:x86

abec0f07684ee7ea02c02765b46f1f54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
_lcreat
FoldStringA
ReplaceFileA
LocalFree
SetNamedPipeHandleState
TermsrvAppInstallMode
VirtualAlloc
SetVDMCurrentDirectories
GetPrivateProfileStructA
ReadFile
InterlockedDecrement
FreeConsole
lstrcmpi
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

itext
Size: 8KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ