ca17bdd686b9d0f7fecfa651caa2f2c9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca17bdd686b9d0f7fecfa651caa2f2c9
Size

370KB
MD5

ca17bdd686b9d0f7fecfa651caa2f2c9
SHA1

abde6fcdec3c8721c7a57de07665ecf69bf52ffd
SHA256

cb7db432dbdd68005efe74f43aa9990a04025230cd2ab0ae8d15ec120e8d4eb5
SHA512

f8fd426a0f3de995feffed53ca5702e6ac4addcdaae7df01d589db523281372a2cff7345fdbcb8c92f0ed2f5b072778697b2bf844573fd484bfb905a76190fbd
SSDEEP

6144:7s4uobHFR4dL5TKXSKItFyGxzftkVnzUhQ+5cK3eYO24eOLSyHYEwZdnEvt+691n:4+8naqXM94hENGOLrYEwZdne+691iTIF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca17bdd686b9d0f7fecfa651caa2f2c9

Files

ca17bdd686b9d0f7fecfa651caa2f2c9
.exe windows:4 windows x86 arch:x86

48ecc77bf3de44d9641312d0c2c696a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamAddMemberToAlias

msvcrt

wcslen
wcscpy
wcscat
wcstoul

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2

netshell

NcFreeNetconProperties

ntdll

NtAllocateVirtualMemory

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE