e149fd0faa846211868c7913cea9ce72 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e149fd0faa846211868c7913cea9ce72
Size

92KB
MD5

e149fd0faa846211868c7913cea9ce72
SHA1

3aa7d48b1cde56183d468bdc4c8626cfbe96b83d
SHA256

7158d34f79c060c9b6346c1998023bd690e5527ccb1e4ec9780ba72ec6b0145e
SHA512

4085dc3276609a6562b4ab7103e9e01912b79aa364b22b35e55f2e70e85cd328471c650ee4952c663b106bb72385a0c768d64ec7b8b5cc08fe98b1513bfe68ef
SSDEEP

1536:EE4MDnA9iOXMgJgBtQDQFaIB3X8LYm1hzQ3Blez:ELMs4OXDJfQFaIxX6Y2hzak

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e149fd0faa846211868c7913cea9ce72

Files

e149fd0faa846211868c7913cea9ce72
.exe windows:4 windows x86 arch:x86

845b91089a1611bd140404cba26d81ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwQueryIoCompletion
RtlLengthRequiredSid
RtlEmptyAtomTable
RtlNewSecurityGrantedAccess
ZwQueryDefaultUILanguage
LdrQueryImageFileExecutionOptions
ZwOpenSymbolicLinkObject
_i64toa
RtlGetOwnerSecurityDescriptor
NtOpenSemaphore
RtlEnlargedUnsignedMultiply

Sections

.gdata
Size: 4KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ