ada1aeed2ecf2e9c5fcc12ef8e59d513 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ada1aeed2ecf2e9c5fcc12ef8e59d513
Size

8KB
MD5

ada1aeed2ecf2e9c5fcc12ef8e59d513
SHA1

63efae846373f71cfcada4d9b4964d29cb77364b
SHA256

a292270c9aacadc338270101c3e0884941b961636b8f870e4def571944037094
SHA512

317c29db626eb02082e4101d4d36d693a3f78fa8a0688fe9c91a9765b6142571d48afe43540ef67f3f17d8f074ffeb03dccee8bdda48f834ef53ab1d1b4172a2
SSDEEP

192:AxHAMqBoY4Gh4gs0HIZ+DqrkS+goFxf3C3Lk47fqu3:cqB5h4gs0HIRJ+goFVS7k4jH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ada1aeed2ecf2e9c5fcc12ef8e59d513

Files

ada1aeed2ecf2e9c5fcc12ef8e59d513
.exe windows:4 windows x86 arch:x86

4c9b83bbfe6f0b1d29cbdb6dde5792b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA

kernel32

AddAtomA
CopyFileA
CreateMutexA
ExitProcess
FindAtomA
GetAtomNameA
GetCommandLineA
GetDriveTypeA
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
SetFileAttributesA
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fclose
fflush
fopen
fprintf
free
getenv
malloc
signal
sprintf
strlen
strstr

shell32

ShellExecuteA

user32

MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE