c2916e8024060cb3b6950ad02b79fb585681b697566bdd04f28270d7339e3579 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c2916e8024060cb3b6950ad02b79fb585681b697566bdd04f28270d7339e3579
Size

119KB
MD5

5cecc53e12109b09085b3742fc40ca2e
SHA1

a710ecf4ae1673061a2621dd50e28c80395e1c56
SHA256

c2916e8024060cb3b6950ad02b79fb585681b697566bdd04f28270d7339e3579
SHA512

e6980d51c32336c1fc0eba210394fdc5f8f546ac6ef26589ac1d06650fab89911e07fb4a15fcb10fdeb0561ec817309061687f9fa1b90dcb1ccd3460f2725c83
SSDEEP

3072:6NsoOFSShNASw+mlsUcEcqJephRHRQpWrRFbw6:WsxVpw+wsUcf9phPnE6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2916e8024060cb3b6950ad02b79fb585681b697566bdd04f28270d7339e3579

Files

c2916e8024060cb3b6950ad02b79fb585681b697566bdd04f28270d7339e3579
.exe windows:4 windows x86 arch:x86

84fb21d81286d9acb883febccb18e59b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LZSeek
FlsGetValue
WerRegisterFileWorker
BasepCheckWinSaferRestrictions
GetNumaNodeProcessorMaskEx
WerpLaunchAeDebug
ExpungeConsoleCommandHistoryA
CreateJobObjectW
GetConsoleAliasW
FindNextVolumeMountPointW

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE