Static task
static1
Behavioral task
behavioral1
Sample
ca395c7b6d7b4dd8c336fe1bd219f365.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ca395c7b6d7b4dd8c336fe1bd219f365.exe
Resource
win10v2004-20231215-en
General
Target: ca395c7b6d7b4dd8c336fe1bd219f365
Size: 24KB
MD5: ca395c7b6d7b4dd8c336fe1bd219f365
SHA1: 12621255ea87f3e314caacd559c677fde1bbebfc
SHA256: 5b530349fd65982758c0e0991a76bdccf3b318a02f68609e4b6d848a93cc8714
SHA512: e117c7aa84b1f5d22d8a2b36fa34e5f64e99f88aab1a4d533eef2bf944fb8b41b371557bea2ecefcbfa8ce4606f9876cc2db55abe12b09c74077c1f09b15f21d
SSDEEP: 384:Sdu6U04IZdwYKcUfhHekCzDaTlCoBEF2:2u6UArwYKcxkCzDGNBE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ca395c7b6d7b4dd8c336fe1bd219f365
Files
ca395c7b6d7b4dd8c336fe1bd219f365.exe windows:4 windows x86 arch:x86
c7c5022bf7ad7c4e951e293e657cf7ea
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GetModuleHandleA
GetCurrentProcess
VirtualProtect
GetModuleFileNameW
DeleteCriticalSection
CreateFileW
GetCurrentThreadId
ExitProcess
GetModuleFileNameA
GetCurrentProcessId
CreateThread
GetLastError
GetProcAddress
GetModuleHandleW
EnterCriticalSection
DisableThreadLibraryCalls
LoadLibraryA
CloseHandle
CreateEventW
advapi32
AreAllAccessesGranted
shlwapi
StrStrIA
StrChrA
Sections
.text Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 798B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ