aa1a390d7046156fc27ab8578dbf8c12 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aa1a390d7046156fc27ab8578dbf8c12
Size

12KB
MD5

aa1a390d7046156fc27ab8578dbf8c12
SHA1

ebfbe78a9ef8d99d9970c522908f3bd9553e7148
SHA256

efa210f0baaa333001ce0d9f6efbd6cbae4882bd9e72cf57d49eb00556155472
SHA512

c1e65ab990a0ab5fa94f19c5355aa3830fd7920c207876da0223d39e77dcd9fc78fb94e4c80d53e961aa7f8756978ce29aec2a5d04e7bbc8fb8b7570db84b183
SSDEEP

192:D6LA+HqZ2h5ca5+Ygx0eOtmvoFXmsUYAlKo0vlypF3q7/O86:D6M+HqZ2h5N+YgzCRVlyp9qzz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa1a390d7046156fc27ab8578dbf8c12

Files

aa1a390d7046156fc27ab8578dbf8c12
.exe windows:5 windows x86 arch:x86

54804ec924842829fb1cab8bd02cab15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
CreateFileA
MoveFileExA
WriteFile
GetSystemDirectoryA
lstrcatA
GetLastError
lstrcmpiA
MoveFileA
GetModuleFileNameA
WinExec
CloseHandle
lstrcpyA

user32

CopyIcon
SetSystemCursor
LoadCursorA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ