bc98170b44b30f1b447ce280526336ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bc98170b44b30f1b447ce280526336ba
Size

15KB
MD5

bc98170b44b30f1b447ce280526336ba
SHA1

72bc29142f8b8f7bf07c699f9fabb59ab34d12d8
SHA256

ec38139768941399ce4a6e281ccb38a2c2bfc315a04f10204c6871b9f6604992
SHA512

d83a0c39685010b893eb1910767429d5f3606dc01382fd3e8bbff5f2b82d226352853544cab2f60e728922e5111757a65013e9fb1cc4864364733ef41b49d3e5
SSDEEP

384:EQ48Q+omBM93tV2PMbCTGD5b9dYVebsYLQ38P:EKVoYwOMbCTG5oqV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc98170b44b30f1b447ce280526336ba

Files

bc98170b44b30f1b447ce280526336ba
.exe windows:1 windows x86 arch:x86

0b473a935900c05cbc527dbc69bdff82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
UnmapViewOfFile
GetFileSize
GetVersion
CreateFileMappingA
MapViewOfFile
Thread32Next
lstrcmpiA
WriteFile
OpenProcess
ExitProcess
VirtualAlloc
GetCurrentThreadId
VirtualFree
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
CreateFileA
Sleep
LoadLibraryA
ReadFile
DeleteFileA
GetProcessHeap
GetProcAddress
LoadLibraryExA
HeapAlloc
GetVolumeInformationA
GetSystemDirectoryA
lstrcat
CloseHandle

msvcrt

wcsstr
wcslen
_strnicmp

user32

wsprintfA

Sections

.code
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE