adbb9db81af6c623a143164c30e7faa7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

adbb9db81af6c623a143164c30e7faa7
Size

27KB
MD5

adbb9db81af6c623a143164c30e7faa7
SHA1

68452876f78400f08d6f1bdeb7c05672dbb4f6a9
SHA256

3538e77e13ad08d16d761593b8d2d7e35db0fbb03fe14d0ef5d07753d3a18b71
SHA512

b8e80040dcfd3e0caee91b0a21b2f1168d42bd7fc3b5e7df67cf8d66afbdfc0a8654f5fa3f346a5253eec44fd6f9426e6538b44075b9b55afdcddc0b65eb9a6a
SSDEEP

768:1+M4hsTiUJojnFY999999b6m99999DM999gOuN3aciux67MTsf:h8kiUJL999999b6m99999DM999t3u4Mm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
adbb9db81af6c623a143164c30e7faa7

Files

adbb9db81af6c623a143164c30e7faa7
.exe windows:4 windows x86 arch:x86

70e04087558c5cdea40e5c3902d31ff7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Trojka_Crypter_2.0\Nyktalgia Version\release\stub.pdb

Imports

kernel32

Process32First
lstrcpyA
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
lstrlenA
GetProcAddress
LoadLibraryA
Process32Next
GetFileSize
lstrcatA
LocalAlloc
LocalFree
CreateProcessA
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
Module32First
Module32Next
lstrcmpA
Sleep
ExitProcess
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

shlwapi

PathFindFileNameA

Sections

.f0Gx
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ