e0036eb64b8d15566725d71c6b62a380 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0036eb64b8d15566725d71c6b62a380
Size

101KB
MD5

e0036eb64b8d15566725d71c6b62a380
SHA1

08b4fba9c58199805481afd9af562a5ae148ee04
SHA256

19604b3a257079c81cacad2346e40cff6a500d887d8b37d566deabbb421b9230
SHA512

066f3156470225500af8b5ed9656bd64474a0b98822751acc168bb210453c7d4c7630fc05c9fa8f68f6d81f61872b6e7e593a68a52c35a1fdcae99393839783d
SSDEEP

1536:/+r/qYRhCzsQbWJxCSkCOV0xexnwb1fHZNtHzrC8TBx16dyJtYQvdLJ7bGpQABCL:ISEQ/79wJflHzmCBx16d1QHap5zY4I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0036eb64b8d15566725d71c6b62a380

Files

e0036eb64b8d15566725d71c6b62a380
.exe .pdf windows:4 windows x86 arch:x86 polyglot

0fd75817e88bc985535ca2b23c86ca86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
GetTempPathA
CreateFileA
GetModuleFileNameA
GetModuleHandleA
ReadFile
OpenProcess
GetLastError
GetCurrentProcess
GetCurrentThread
lstrcatA
WriteFile
CloseHandle
TerminateProcess
WinExec

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken

shell32

ShellExecuteA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE