Static task
static1
Behavioral task
behavioral1
Sample
9a7da26ab7b6ce2cd70645172f9b9f61.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
9a7da26ab7b6ce2cd70645172f9b9f61.exe
Resource
win10v2004-20231222-en
General
Target
9a7da26ab7b6ce2cd70645172f9b9f61
Size
92KB
MD5
9a7da26ab7b6ce2cd70645172f9b9f61
SHA1
ec70d387dca2717579cb1be96a94f6111bc8fd1e
SHA256
8450ed494fd69111526701c7a39a279bfc74dfa0a04b9c9be790c2e05a0d25d8
SHA512
356ae8bb7dd1de80af9f73bb15a391ec5cee4fdfb67f4b098535b8ae4fc57cb3603bfffa46fae245a6af2e8f5a7e66f3ecb69f1a9d087f7f9b2a6dcae999dce1
SSDEEP
1536:u2X9RetenOL/iyT2666ylPtxQsCpTJDNGrntu7CPXtk2f:u2X97EiyT26UPbQsCpTJ076mf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9a7da26ab7b6ce2cd70645172f9b9f61
Files
9a7da26ab7b6ce2cd70645172f9b9f61.exe windows:4 windows x86 arch:x86
79bab1901d4dad7ac037337eb9dbea7c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcAddress
DeleteFileA
WaitForSingleObject
SleepEx
ProcessIdToSessionId
BuildCommDCBAndTimeoutsA
IsValidLanguageGroup
InvalidateConsoleDIBits
EscapeCommFunction
SetConsoleMode
RtlFillMemory
GetLogicalDrives
LocalSize
VirtualQuery
GetCurrentThreadId
GetCommProperties
TryEnterCriticalSection
EnumDateFormatsExA
CreateMailslotA
GetCommandLineA
GetStartupInfoA
ExitProcess
ntdll
RtlLockHeap
strncat
NtDeleteFile
NtCreateFile
NtWriteFile
Sections
.text Size: 4KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.adata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 908B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
WEIJUNLI Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ