de9f0c3da3827e91b60c4ccb26e47899 | Triage

Sharing

General

Target

de9f0c3da3827e91b60c4ccb26e47899
Size

130KB
MD5

de9f0c3da3827e91b60c4ccb26e47899
SHA1

e60754b1506a0470c270618c512ba90cb074413a
SHA256

d716afe93918da2f408db800513670599f1e7baa38df05c8b369552761b6a7fd
SHA512

74ec6ebf1b4bec75a8344f1c14b4b34b9ae9f6b0eeacac2db7d703b5e5cca55737f97ca52cad3bd7bf905d632a3ae804bc3708c13ab8c9b88860ed014936f147
SSDEEP

1536:W5seI/y2xlCWubdW8t08xUfFQkd1Z5AXzEzU3xQGzrV3A3wqoYS/dfEAwYPEACL2:WQfCdLUaA10jEQWG3luwlBvPV4JCJB7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de9f0c3da3827e91b60c4ccb26e47899

Files

de9f0c3da3827e91b60c4ccb26e47899
.exe windows:4 windows x86 arch:x86

21fe899ccaab271222eb1bc6f72322c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
SetLocalTime
GetDriveTypeW
GetLastError
ResetEvent
VirtualProtect
LoadLibraryExW
IsBadStringPtrA
SetLastError
GetModuleHandleA
TlsGetValue
FreeConsole
CancelIo
GetCommandLineA
IsBadReadPtr
GetDiskFreeSpaceExA
GetDateFormatA
EnumResourceTypesW
CloseHandle
FindClose

advapi32

CloseEventLog
CloseTrace
GetLengthSid
RegCreateKeyExA
GetFileSecurityW
RegCloseKey
RegEnumKeyExA
LsaFreeMemory
OpenEventLogA
AccessCheck
LsaClose
IsTokenUntrusted
FreeSid
RegCloseKey

hnetcfg

HNetFreeSharingServicesPage
DllGetClassObject
DllRegisterServer
HNetDeleteRasConnection
HNetGetSharingServicesPage

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ