e18a2498ac66c049bf2a94172937b068 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e18a2498ac66c049bf2a94172937b068
Size

130KB
MD5

e18a2498ac66c049bf2a94172937b068
SHA1

9df2bbfde3b089edf62b16ee7e351ebc2677f293
SHA256

16f705f36be298adda6627960d1e4726793ed57884af5e494a04e28318b025a6
SHA512

c19ab49fd6e132c28047434d1d4ae0e70d038eb87872dc80ccb71ddbbac60279ddfb081915d9b82d73422073ccd4528ae5965b22955d6ff85905e46d78cea0f8
SSDEEP

1536:l1OUvAJcwMZOsOtn4SYwvLLtnGgpykqfc9kXR4iYVi+vqE8taJvm6CSQ687:l0aTZOHeUvvtz0kqfwM4id+LvmG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e18a2498ac66c049bf2a94172937b068

Files

e18a2498ac66c049bf2a94172937b068
.exe windows:4 windows x86 arch:x86

3cb69aad9cc97f2d0e73575490316efd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
Sleep
CloseHandle
FreeConsole
SetLastError
PulseEvent
FindClose
LoadLibraryExW
GetDiskFreeSpaceExA
GetModuleHandleA
GetCommandLineA
GetDriveTypeW
EnumResourceTypesA
GetDateFormatA
TlsGetValue
LocalFree
GetLastError
DeleteCriticalSection
IsBadCodePtr
IsBadReadPtr

advapi32

IsValidSid
LsaFreeMemory
RegCreateKeyExA
CloseTrace
RegCloseKey
OpenEventLogA
LsaSetSecret
RegLoadKeyA
GetFileSecurityA
AccessCheck
CloseEventLog
FreeSid
LsaClose
RegCloseKey

clbcatq

SetSetupOpen
GetComputerObject
ComPlusMigrate
DowngradeAPL
GetCatalogObject

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ