9c191187363fee4a2f1405ed0d161d8c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9c191187363fee4a2f1405ed0d161d8c
Size

29KB
MD5

9c191187363fee4a2f1405ed0d161d8c
SHA1

65bf42a96fb844563c8d09e342d8f210c90edd46
SHA256

32fa10b569c483d97ba657374f5d5ad504451198800c73b2154eee411763c240
SHA512

6fe3427bdf6872cf2b9df4da869392005a4ee42960fce21c5f1dd3374849a4b1f08003c848a21a8256bf9e9685c7511c204471850413a00f2b6646777a2ccaed
SSDEEP

384:wAkkN6PLOBQCRt4iWn1mNSqMz0FVonCk5n6sVi4AR+khBonUDXSSipKLAij79x8e:Tk2ewthRpZDk5n7JkzDMijbldzuO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9c191187363fee4a2f1405ed0d161d8c

Files

9c191187363fee4a2f1405ed0d161d8c
.exe windows:4 windows x86 arch:x86

86991acdbe8cb5f21ce17c05513a9f8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
IsBadStringPtrA
HeapDestroy
GetCurrentThread
GetModuleHandleA
ResumeThread
lstrcmpiA
GetCommandLineW
GetFileTime
VirtualQueryEx
SetConsoleCtrlHandler
HeapFree
ExitProcess
CompareStringW
LoadLibraryA
SetThreadAffinityMask
GetSystemDirectoryA
GetProcessAffinityMask
WaitForMultipleObjects
GetEnvironmentStrings
GetConsoleCP
TlsSetValue
Sleep

user32

DefFrameProcA
GetKeyState
IsDlgButtonChecked
GetPropA
SetFocus
LoadImageA
DeleteMenu
CheckMenuItem
GetCapture
BeginDeferWindowPos
SystemParametersInfoA
SetWindowTextA
TrackPopupMenuEx
DrawEdge
OffsetRect

msvcrt

_access
qsort
_XcptFilter
realloc
_wcslwr
wcsstr
memcpy
_vsnwprintf
_controlfp
memset
bsearch
free
_vsnprintf
strspn
strchr

advapi32

CopySid
IsValidSid
RegCreateKeyExA
RegConnectRegistryA
GetLengthSid
AddAce
SetTokenInformation
GetKernelObjectSecurity

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ