de42073eff6b9b12313915ad12c13bdb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de42073eff6b9b12313915ad12c13bdb
Size

49KB
MD5

de42073eff6b9b12313915ad12c13bdb
SHA1

abdb4edbb0a4e4f6895be22e7002bd6979d0200b
SHA256

7661a4ebd3fad6e1e7deea20ae713c747db4942f086a5d3b664915db75185534
SHA512

df5d391a2c63ed478516622073ddcfcc7016c323000fe009c036988e047c011c7b01f6ce3f290a2d053b12baab89ea70955abafafb844c6aca6f62f68cba2c5b
SSDEEP

768:DLok1hAc9mH2U8f17/mq/egr20MxrW1ulNp5iWBcFsAAKwqcp5uwZfWvuC55:Dl1N9zx1aq/egxMxbVPcpdQu2C5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de42073eff6b9b12313915ad12c13bdb

Files

de42073eff6b9b12313915ad12c13bdb
.exe windows:1 windows x86 arch:x86

0ac27304a700665e2fc4e6c3b857aac2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateRemoteThread
CreateToolhelp32Snapshot
ExitProcess
GetSystemDirectoryA
LoadLibraryA
OpenProcess
Process32First
Process32Next
VirtualAllocEx
WriteProcessMemory
_lclose
_lcreat
_lwrite
lstrcatA
lstrcmpiA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

Sections

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE