1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972 | Triage

Sharing

General

Target

1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972
Size

24KB
MD5

d9d8f0e3622183a0d2051cf3afb3d0a2
SHA1

e8a209ae9878e978232328420cdd72d7e14476d8
SHA256

1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972
SHA512

18eecf31534422f242e217c960323e68a572e4ce21e210c0ddfaff2345ee4e242c1e1043f2b63a15d9be7006383ea75a5c0cb28481b94962b9c84207a70b5003
SSDEEP

384:ix1E2hj4EOQ+Xc4KnA1SJAQrOZCreeeeeeeeWeeeee9MMqGrmpGPdCzI:irEbvM7nAcreeeeeeeeWeeeeejPdCzI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972

Files

1a1184357683c518992d0ca26a904e98ad1955acee5c6c5386108875a013c972
.exe windows:5 windows x86 arch:x86

ba03a823eece07bb2188e5d52fa18a70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW
StrCmpNW

ntdll

_chkstk
RtlUnwind
NtQueryVirtualMemory
wcsstr

kernel32

CreateThread
ExpandEnvironmentStringsW
CreateMutexA
GetLastError
ExitProcess
lstrcpyW
DeleteFileW
FindNextFileW
QueryDosDeviceW
FindClose
lstrcmpW
GetModuleFileNameW
GetLogicalDrives
GetDriveTypeW
Sleep
ExitThread
GetFileSize
CreateFileW
CloseHandle
FindFirstFileW

user32

wsprintfW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ