Static task
static1
Behavioral task
behavioral1
Sample
ba5cb6f547b8e23290a0554837987cf1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ba5cb6f547b8e23290a0554837987cf1.exe
Resource
win10v2004-20240226-en
General
Target: ba5cb6f547b8e23290a0554837987cf1
Size: 25KB
MD5: ba5cb6f547b8e23290a0554837987cf1
SHA1: 492d35a6acb3ec843462b9b1ca44881dc3e68540
SHA256: ec8d7236a2774f22bdf7a77b8ca67deb47f654c7d4872d11b8d9389e1927c2d3
SHA512: 678d636eaf50fe9ad9a0ee5a0e80df89baa9355301ff2e57d48c9f8fc9eb3a011539b74f13e96ad958f4b416d4d241dcbb77696605395d95cfa3b70522816bf0
SSDEEP: 384:VJOzbbEjCe97qj7jARi/tyRtn+wUCoWeW7WpeOODpWLoWDshmkC0GJsJxXSoVcGg:VO2BQceatnBUzeAtMmkLGKZSh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ba5cb6f547b8e23290a0554837987cf1
Files
ba5cb6f547b8e23290a0554837987cf1.exe .js windows:4 windows x86 arch:x86 polyglot
ec80d0ac7c51d7b67e822d80a08e5347
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateFileA
TerminateProcess
OpenProcess
WriteFile
GetSystemDirectoryA
WinExec
GetTempFileNameA
GetTempPathA
Sleep
GetFileAttributesA
SizeofResource
GetModuleHandleA
LoadResource
FindResourceA
DeleteFileA
GetModuleFileNameW
GetPrivateProfileStringA
WaitForSingleObject
ResetEvent
CreateEventA
OpenEventA
CreateThread
GetModuleFileNameA
GetWindowsDirectoryA
OutputDebugStringA
IsBadReadPtr
GetCurrentProcess
GetLastError
LoadLibraryA
GetProcAddress
lstrcmpiA
LockResource
CloseHandle
advapi32
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupPrivilegeValueA
QueryServiceStatus
msvcrt
_stricmp
shlwapi
SHDeleteKeyA
StrStrW
PathAppendA
StrStrIA
Sections
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ