b822ba0fbb6388a01efaa3cf45f8e701 | Triage

Sharing

General

Target

b822ba0fbb6388a01efaa3cf45f8e701
Size

36KB
MD5

b822ba0fbb6388a01efaa3cf45f8e701
SHA1

1579b181b6d92810d1eac2b2b4ef13755e62970e
SHA256

e68dac719f4a5ed6588571f260e426df791f29c68e70342c9206838d24c1da5c
SHA512

e3dfe1005e56fbd3888037cda43de77e5b8dac86c14603983d974ccf6c8ad30ccb493c1776a3c80146cae367ab44d2ea149afba74802835f7585435376fca0ac
SSDEEP

384:6c3nZkW+olPybdCBHTlpBBhFat3tuOgyKj8IvAxKBZ:6cX6W+oNyw5fO67j8HxKBZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b822ba0fbb6388a01efaa3cf45f8e701

Files

b822ba0fbb6388a01efaa3cf45f8e701
.exe windows:4 windows x86 arch:x86

4432887e1b49d5a7dd534460db59e295

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
WaitForSingleObject
Sleep
GetModuleFileNameA
GetExitCodeProcess
GetFileAttributesA
MoveFileExA
lstrcatA
GetEnvironmentStrings
HeapDestroy
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
lstrlenA
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

WaitForInputIdle

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE