d729a6373e9c8f0f69660c2d08df14fc52d0518b86766af162c60424c7db2507 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d729a6373e9c8f0f69660c2d08df14fc52d0518b86766af162c60424c7db2507
Size

63KB
MD5

6ddf712c63bad8029d2e1b596677d1bc
SHA1

b54d0e0c162fdba658d2ffe8baf8933c55a6d2bd
SHA256

d729a6373e9c8f0f69660c2d08df14fc52d0518b86766af162c60424c7db2507
SHA512

22f6800736838a4bcb8b528aabc6b5101442943135fb77343ad447b3c1583205bcb08b44254381dca6f960cdacd9c3648536fea32d37290ebfc9114ad5e3ad6d
SSDEEP

768:AJTESkimYnpKzijyKFzNlwcbZguZe3+2X/8Txz2EhsHubjQ6cI48XgIY5h171aPB:SB7cus3+O/8hhu2xI7dS7i5bmPuC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d729a6373e9c8f0f69660c2d08df14fc52d0518b86766af162c60424c7db2507

Files

d729a6373e9c8f0f69660c2d08df14fc52d0518b86766af162c60424c7db2507
.exe windows:4 windows x86 arch:x86

3ba2fc76f7ae54ca0cda527563f5efea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QuirkIsEnabledWorker
LoadPackagedLibrary
BeginUpdateResourceA
LZOpenFileW
CreateMutexExA
EndUpdateResourceA
BaseFlushAppcompatCache
TermsrvCreateRegEntry
GetProcessAffinityMask
TermsrvAppInstallMode

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE