Static task: static1
Behavioral task: behavioral1
  Sample: 9bd06780daa7a9a15ed4298253971702.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 9bd06780daa7a9a15ed4298253971702.exe
  Resource: win10v2004-20231215-en
General
Target: 9bd06780daa7a9a15ed4298253971702
Size: 20KB
MD5: 9bd06780daa7a9a15ed4298253971702
SHA1: eab5b01de7e13a8bda54abe90e1422c8d9f79c59
SHA256: a9201e78442c689f5124ea5599f1028025b503ec36a2a61dee57f76df9a00407
SHA512: 62efff29daa0c222e9a19d8fece9be63cc33e0a69665646f11bd82c79b73da8b7dc9b15cb53e76797e8aabfe0145c301cafca1f9d50b086837adc25d868e17b2
SSDEEP: 384:8t4aV/xs2j85zgAxtNEF4QlE2Ex+ZTPj:EXYlFx8agVEIB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9bd06780daa7a9a15ed4298253971702
Files
9bd06780daa7a9a15ed4298253971702.exe windows:4 windows x86 arch:x86
33cb3b2f8b3651633d1c39e6330dedcf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindResourceA
GetModuleHandleA
ReadFile
SetFilePointer
GetModuleFileNameA
lstrcpyA
lstrcatA
GetTempPathA
LoadResource
lstrlenA
CopyFileA
GetSystemDirectoryA
UnmapViewOfFile
GetProcAddress
LoadLibraryA
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
Sleep
GetLastError
CreateMutexA
LockResource
SizeofResource
SetFileAttributesA
CreateFileA
WriteFile
CloseHandle
user32
PostMessageA
GetMessageA
advapi32
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 204B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ