Static task
static1
Behavioral task
behavioral1
Sample
a459da45eae0931433745f72245d7624.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a459da45eae0931433745f72245d7624.exe
Resource
win10v2004-20240221-en
General
Target
a459da45eae0931433745f72245d7624
Size
85KB
MD5
a459da45eae0931433745f72245d7624
SHA1
3de5fbd441c88cafbeef1f61f5762d46d49f08ad
SHA256
ed2d3e73d8a3d8caf9a8f713dbe62a747c885b62c403d25ef8513f39bc91a0b9
SHA512
78e11ec80b2dd8ebd04f5e107e5007bdb1b1ff8274415414e7d888f53bce0230ed53aa99faf7c23ab3d9a91323bfdaa39f60349b8d5623c4a77d2656298e3f57
SSDEEP
1536:UFgpPX33v8X4yq/vKkiF3MVXsJTydbguo:UFgp/33v83qKF3MyTAE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a459da45eae0931433745f72245d7624
Files
a459da45eae0931433745f72245d7624.exe windows:4 windows x86 arch:x86
9d9f24127493349d64b5f88e4d384f9e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCalendarInfoA
FindAtomA
lstrlenA
DeleteCriticalSection
SetEvent
ReleaseMutex
GetModuleHandleA
FindResourceExA
GetDiskFreeSpaceA
FindVolumeClose
CreateThread
GetTickCount
FindClose
Sleep
TlsGetValue
ExitProcess
SearchPathA
VirtualProtect
CloseHandle
GetLastError
advapi32
IsValidSid
GetFileSecurityA
LsaClose
LsaFreeMemory
LsaSetSecret
OpenEventLogA
FreeSid
RegCloseKey
RegLoadKeyA
RegCreateKeyExA
CloseTrace
RegEnumKeyExA
CloseEventLog
AccessCheck
RegCloseKey
msdtcuiu
DllGetClassObject
DtcPerfCollect
DtcPerfClose
DtcPerfOpen
DllRegisterServer
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1024B - Virtual size: 522B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ