d626b667486c6ddced08ecb55e84e1e6 | Triage

Sharing

General

Target

d626b667486c6ddced08ecb55e84e1e6
Size

96KB
MD5

d626b667486c6ddced08ecb55e84e1e6
SHA1

41483f0cb2245129c9324611ba762c5a1522755a
SHA256

d489552e1c10f65611d40edcb06057fd1f5f3ec27756d5b52b89de0c7082a819
SHA512

2d05cbe06f848bd41d510b6b4f1d550e51866b5dbd83d1391e6d7770241cd873c82d7c0db3d18c341fcaab944632b7a01ebd19361c2d176585087f1b679aade5
SSDEEP

1536:UtUwkLjHf9U7k67ZBUS6h2jerEKUCOzq5kBzQdhBwfrB:Nw0ZU7F7ZBUS6h2jerfv5YKhCDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d626b667486c6ddced08ecb55e84e1e6

Files

d626b667486c6ddced08ecb55e84e1e6
.exe windows:4 windows x86 arch:x86

c476e5bc65535ad60c7b25dec379d9c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

NtCallbackReturn
ZwSetLowWaitHighEventPair
ZwAccessCheckByTypeResultList
RtlxAnsiStringToUnicodeSize
RtlSetGroupSecurityDescriptor
RtlQueryEnvironmentVariable_U
ZwMakeTemporaryObject
RtlInitializeRXact
NtUnlockFile
isupper
RtlConvertToAutoInheritSecurityObject
RtlFreeUnicodeString
RtlSetAttributesSecurityDescriptor
NtReplyPort
isalpha
NtUnloadKey
NtSetDefaultHardErrorPort
RtlFindSetBits

Exports

Exports

Qaacglefxf
Mitdxqv
IsPbgolehy
Glucjvsmssu

Sections

.ldata
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ