Static task: static1
Behavioral task: behavioral1
Sample: dfe3abf2086f7be170fcc5050eafd26f.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: dfe3abf2086f7be170fcc5050eafd26f.exe
Resource: win10v2004-20240226-en
General
Target: dfe3abf2086f7be170fcc5050eafd26f
Size: 21KB
MD5: dfe3abf2086f7be170fcc5050eafd26f
SHA1: cef1b97517e78d43b0d2b406e027ff9653d659f0
SHA256: e222c48118a58925eb06f304ca7466d66540322308cb01c7dc06d4e6f3e921f1
SHA512: ccca86ca83908b2525b4e5203157f0075c168e55c862d7d1f76195b5e404ed17427b5e3e799c6e68c8a2903009ff02120e4ee02c0e94c8f7e0cc67ab12f460d6
SSDEEP: 384:m+T7LhhTiWS4mWDqb6dg6CYLITXADw08wCBaKHIjMl/gXKTFT7KDiVV:X7LjnLg6CYLITWw08RBaKHIwlY6pyDiV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource dfe3abf2086f7be170fcc5050eafd26f
Files
dfe3abf2086f7be170fcc5050eafd26f.exe windows:4 windows x86 arch:x86
9ae430500547dc16c977454967c9e75b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlAdjustPrivilege
NtQueryDirectoryFile
NtAllocateVirtualMemory
RtlAddAccessAllowedObjectAce
rtutils
TraceDumpExA
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE