bf021e00cda7d35fbaa5b46ab5b0bad2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf021e00cda7d35fbaa5b46ab5b0bad2
Size

217KB
MD5

bf021e00cda7d35fbaa5b46ab5b0bad2
SHA1

980b45872c76a475079c0e38a65d684eba0c0acd
SHA256

72381d397b09e752f7cdb89b2e15e3a38d35d69f2d4274e9b754d67fd1da2477
SHA512

228af052adc6e541c65787d297f203bb8925a2c70fb802ee6a90c84307b96805379073632a9d2eeddf6a210da4666d275839a2a14d3e0e122a93b1f7645a8bd2
SSDEEP

3072:cuEWfK74CXembum3xBDHHCQkcYbqrQ1vyH:cuEWfvDA1BVHHcaH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf021e00cda7d35fbaa5b46ab5b0bad2

Files

bf021e00cda7d35fbaa5b46ab5b0bad2
.exe windows:4 windows x86 arch:x86

5da9b98651368bdbe6e04ccb76b8e4e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
ExitProcess
lstrlenA
GetCurrentProcess
lstrcmpiA
GetProcAddress
CloseHandle

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.srdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE