d6f67afe0eefaa67ce99bcef7f085030 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6f67afe0eefaa67ce99bcef7f085030
Size

9KB
MD5

d6f67afe0eefaa67ce99bcef7f085030
SHA1

d1b03c1102a0032052a4fdb620f90909addb41f5
SHA256

057bd32b0bd3537c9c8cf7d49779750b498fc83ec42c3e8cc23a32b147deb272
SHA512

ec70c77e1690faa0a47c6028a4bc3f5394041af59c9a4839ebe053b81e171070cd2fd1ceae84ae7746ed993a0a846b24ddbc46d1319a5ca56280a1293e36bc51
SSDEEP

192:X/7/8nuVZOfQplXQtke+vTZ3deqgzB1t1xy1t35HCREHxbw:X/7/UuDqOytke+13deqeBV01t35k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6f67afe0eefaa67ce99bcef7f085030

Files

d6f67afe0eefaa67ce99bcef7f085030
.exe windows:4 windows x86 arch:x86

c3fa48857e35ab312f075ba1dbb64c51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ContinueDebugEvent
ExitProcess
GetPrivateProfileStructW
HeapReAlloc
OpenFileMappingA
SearchPathW
TlsFree

advapi32

AllocateAndInitializeSid
BuildImpersonateExplicitAccessWithNameW
CloseEventLog
CryptEncrypt
CryptReleaseContext
EnumServicesStatusA
GetPrivateObjectSecurity
GetSecurityDescriptorLength
OpenEventLogA

user32

CloseDesktop
GetClipboardSequenceNumber
GetKeyboardType
GetMenu
InSendMessageEx
LoadCursorFromFileW
MessageBoxExW
ShowWindowAsync
TrackMouseEvent

shell32

DllGetClassObject
ExtractAssociatedIconW
ExtractIconResInfoW
ExtractIconW
PrintersGetCommand_RunDLLW
SHAppBarMessage
SHFormatDrive
SHQueryRecycleBinA
SheFullPathA
ShellAboutW
ShellExecuteA
ShellExecuteExA

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE