bfa645ba66a70c1fb1673050b7075e1a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfa645ba66a70c1fb1673050b7075e1a
Size

18KB
MD5

bfa645ba66a70c1fb1673050b7075e1a
SHA1

b0b46a752ded88a12311679c7363803c97261e19
SHA256

b3190b7831d6a17202064a228fcac1ddcc08496a1eb3781158ef6dd7107a4179
SHA512

cd3f0c580fbdf0d0d85dcf0feded341c011f6a2a7e156bf22c93967d20855e5b3b93a028cec35d78b18a55fe1d0c46376ef6fefa4bd1b7af9dd4721f9d29008e
SSDEEP

384:X5LtWWGgakg7Ch39wdQiqUcWMVyRpQAT:VtWWJEehNwN9pLpl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfa645ba66a70c1fb1673050b7075e1a

Files

bfa645ba66a70c1fb1673050b7075e1a
.exe windows:4 windows x86 arch:x86

80028027a1c1a05734de568d75013408

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_chkstk
ZwOpenSection
ZwClose
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwSystemDebugControl
_vsnprintf
isalpha
memset
ZwQuerySystemInformation
strstr
strlen
_stricmp
memcpy
RtlUnwind
NtQueryVirtualMemory

kernel32

GetSystemDirectoryA
GetVolumeInformationA
SetProcessAffinityMask
CreateFileA
HeapAlloc
HeapFree
VirtualFree
GetProcessHeap
GetCommandLineA
Sleep
TerminateProcess
MultiByteToWideChar
GetLastError
GetProcAddress
VirtualAlloc
LoadLibraryA
GetSystemInfo
GetModuleHandleA
SetThreadAffinityMask
GetVersionExA
CloseHandle
GetComputerNameW
DeviceIoControl
GetTempPathA
DeleteFileA
CreateProcessA
LocalFree
GetCurrentProcess
GetCurrentThread
GetProcessAffinityMask
CreateMutexA

user32

CharLowerA

advapi32

GetUserNameA
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE