c316ee247eb00d14356e29091df1444f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c316ee247eb00d14356e29091df1444f
Size

297KB
MD5

c316ee247eb00d14356e29091df1444f
SHA1

7b87b104e5fe4dc8fbcbfdcfdfbc43ec499567f3
SHA256

4da5b5682ba32d61ddcbf6c9bcee5f3661f7bbb36d41410b48e9bc33cb8df48f
SHA512

9e700a346e7f2ceeb6ff1e1cd758bce71567f7eb5fb66c709c933636bdf64e9fbab1ee1f421fe261fba38469c2c7dac94f726141b9b4a58bdb708b2ef6862187
SSDEEP

3072:JQ03oIu3mzSYvJwORWWEzs1RnGG5dmZVRonDV06Nw8szAfTlkCuls666uqYUjQ+t:rqsVJH5gun3V+s66MjQ+2hm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c316ee247eb00d14356e29091df1444f

Files

c316ee247eb00d14356e29091df1444f
.exe windows:4 windows x86 arch:x86

258f8fc18a5fc95ab57d0bf5cf3d2d80

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetDriveTypeA
lstrlenA
GetDiskFreeSpaceA
LocalFree
GetComputerNameA
SetEvent
CreateThread
FindAtomA
SetLastError
SuspendThread
GetCommandLineW
GetExitCodeProcess
CreateFileA
GetSystemTime
GetModuleHandleA
GetTickCount
CloseHandle
LoadLibraryW
GetFileAttributesA

advapi32

RegQueryValueA
IsValidSid
RegCreateKeyExA
CreateServiceA
RegCloseKey
RegDeleteKeyA
IsTokenRestricted
CloseEventLog
GetUserNameA
RegEnumValueA
GetFileSecurityA
GetLengthSid
RegEnumKeyExA

dsprop

CheckADsError
MsgBox
ReportError
FindSheet
ErrMsg

powercfg.cpl

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ