be62c7e9603e6190c672d97eea00a28c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be62c7e9603e6190c672d97eea00a28c
Size

330KB
MD5

be62c7e9603e6190c672d97eea00a28c
SHA1

69b7246b23286d3dced81e78531ab3684b9caa92
SHA256

a094478d63d2fd9e652af514b22c4774bb93ba8f3cfa0e6e1d25e776a83e4f44
SHA512

45e00f12c3b8c8c8959595e6c6c53ed7a149342abc4a08b34fafa79ade1c167e089113349593a66b58a46014cd3dcde7f95949772ca0e003a500dfddafa60725
SSDEEP

6144:t/g/J/B+Qk2vz3ajZymcd9gfkyPRoazSnnDmThBHtfuQOYtemkw/0:t/g/J/B+hJjZQURnmnDm9BHvOY2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be62c7e9603e6190c672d97eea00a28c

Files

be62c7e9603e6190c672d97eea00a28c
.exe windows:4 windows x86 arch:x86

794c3c004f8a1ef5f9a2918339bcfe3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExW
SetLastError
IsBadStringPtrA
GetLogicalDrives
LocalFree
TlsGetValue
SetLocalTime
FreeConsole
GetLastError
GetModuleHandleA
IsBadReadPtr
GetCommandLineA
VirtualProtect
FindClose
CloseHandle
Heap32First
ResetEvent
CancelIo
GetDiskFreeSpaceExA
EnumResourceTypesW

advapi32

RegCloseKey
RegEnumValueA
FreeSid
RegCreateKeyExA
LsaClose
RegEnumKeyExA
LsaFreeMemory
CloseEventLog
RegDeleteKeyA
GetFileSecurityW
RegQueryValueA
IsTokenUntrusted
GetLengthSid
RegCloseKey

hnetcfg

HNetFreeSharingServicesPage
HNetGetSharingServicesPage
DllGetClassObject
DllRegisterServer
HNetDeleteRasConnection

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ