a40d2d2ae36842d55ff49dd24974bc45295ed321a5b96d8011d82aa7b123e54c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a40d2d2ae36842d55ff49dd24974bc45295ed321a5b96d8011d82aa7b123e54c
Size

63KB
MD5

03bfd63f0bb28aae1b1e5ce8a0c67c52
SHA1

afa16cdc830a04120a6cda3ac245919f5a81498b
SHA256

a40d2d2ae36842d55ff49dd24974bc45295ed321a5b96d8011d82aa7b123e54c
SHA512

a315dab9e0bd99965082643dd9da4b4fc6f7cc853476450ab7aad52a855cdbe15651713ac37a83f73239765b05f9f06ff142568495ee9da8d1ba43c693b729ad
SSDEEP

1536:Y42prXsOarEb6M3/VjfDzrYPuuzrD3SueQ5UWssNnYQ1Yg:5i8yb66R3rY2uz6u3VssNzyg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a40d2d2ae36842d55ff49dd24974bc45295ed321a5b96d8011d82aa7b123e54c

Files

a40d2d2ae36842d55ff49dd24974bc45295ed321a5b96d8011d82aa7b123e54c
.exe windows:4 windows x86 arch:x86

7491b2c835abd744e154108441e21d14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileTransactedW
GetFullPathNameTransactedW
GetApplicationRecoveryCallback
PssWalkMarkerGetPosition
GetEnvironmentStringsA
Wow64SuspendThread
QuirkIsEnabled2Worker
GetVolumeNameForVolumeMountPointA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE