d374d9dc642a12cae3d2064387602f4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d374d9dc642a12cae3d2064387602f4d
Size

92KB
MD5

d374d9dc642a12cae3d2064387602f4d
SHA1

d6ff2ba3b0b3692fbc8b162803385faa3017697b
SHA256

cab8ce421945f2c873ce369bbfb3160df0e19fa2f8b0da00f6541c22ca3b4dde
SHA512

5703f6c821f333d7d7ce9750b11f4c1980579a31b927e06ea55b786807b737c8374461cb9576ac84ae22c721db39f63304da7876b7b9c03907e38fcba0755688
SSDEEP

1536:TeX37eGmdzednUiZW0k1mz6xS9oQZOyX2TE4Vhcmvwc:TeX37edix9Zwmh9row2Y4Vhcmwc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d374d9dc642a12cae3d2064387602f4d

Files

d374d9dc642a12cae3d2064387602f4d
.exe windows:4 windows x86 arch:x86

25b766bfd8417498f5b6d1a2c945acbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
SetLastError
SetConsoleTextAttribute
GetConsoleAliasExesA
GetProfileSectionA
ResetWriteWatch
IsBadWritePtr
QueryInformationJobObject
GetCommandLineA
GetUserDefaultLangID
SetConsoleMode
IsBadCodePtr
FillConsoleOutputAttribute
CreateJobObjectA
EnterCriticalSection
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

RtlZeroHeap
vsprintf
NtLockFile
strstr
NtReplaceKey

Sections

.rdata
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.adata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

weijunli
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ