9f36c242265b50fc08eab3ad98af9b901bd9649c2e96efb612636d8804a208fd | Triage

Sharing

General

Target

9f36c242265b50fc08eab3ad98af9b901bd9649c2e96efb612636d8804a208fd
Size

6KB
MD5

6a9cc686a55b072de0e663a5ad2500ee
SHA1

3f34713848b379db587a8d59950c5e2f66a8a722
SHA256

9f36c242265b50fc08eab3ad98af9b901bd9649c2e96efb612636d8804a208fd
SHA512

4c49d7f933fc13a9d94b7943edbc08a6f7408040fbe108ff635a9e2806bfa1cf8552d987dfb2d645654d890ef1dd9c159f051c7cc5ae62d01925785e910b8bdf
SSDEEP

96:RcOos0Udhh6FGAqKzPZdzCDXsZLF+amEd7mtoB4MTcWdi6cZkqAwMVthBb:RGsLh07LtZLF+Zm4MTcWdi6CkqlG9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f36c242265b50fc08eab3ad98af9b901bd9649c2e96efb612636d8804a208fd

Files

9f36c242265b50fc08eab3ad98af9b901bd9649c2e96efb612636d8804a208fd
.exe windows:4 windows x86 arch:x86

2a09380ab84c6a55cffa97d03159a1c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\twegele\documents\visual studio 2005\projects\pe_lab_\release\pe_lab_.pdb

Imports

msvcr80

__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
__p__commode
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_unlock
printf

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ