9ba04d982d053f9c75dcce4557a2da24 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9ba04d982d053f9c75dcce4557a2da24
Size

69KB
MD5

9ba04d982d053f9c75dcce4557a2da24
SHA1

9874409cccbeaa5f42b0431dc9cbce0c6da5e674
SHA256

e2eb182a5819f12727b23e1ef28bd776060a285ec230fd10f8176d858a7ab76b
SHA512

92bc84132336973772ab701a2ff152600b1845dcdc7b6b7a081a867b64116e1cdc91ce3e466ee9738fe7adcba4275a14a336d425be1fb3ac5e4f81745035adf6
SSDEEP

1536:eaFmUZkY53VL3DE7+P1Q0cjHw++3xoC/CbnQ4AnQscajM3:eWVXE7ucjQ+ua+cQ4EQDau

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ba04d982d053f9c75dcce4557a2da24

Files

9ba04d982d053f9c75dcce4557a2da24
.exe windows:5 windows x86 arch:x86

7a402799bef326a6ffb4a1a9aa077ecc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
GetProcAddress
LoadLibraryA
DeleteFiber
RtlMoveMemory
AssignProcessToJobObject
CreateNamedPipeA

user32

TrackPopupMenuEx
MapVirtualKeyW
AnimateWindow

gdi32

OffsetClipRgn

advapi32

IsWellKnownSid
LsaFreeMemory
GetUserNameW

Exports

Exports

guqcfihxm
kcfczivkifakg
mnvpgwqh

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 763B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ