273c0318a68c9a8f639460812965269934ad5ee059da696da89dd1ef2c2eac5c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

273c0318a68c9a8f639460812965269934ad5ee059da696da89dd1ef2c2eac5c
Size

92KB
MD5

31dea390d586ebc894469a5ba2027285
SHA1

339782c896ee3494401db86f862bc5068ff93e06
SHA256

273c0318a68c9a8f639460812965269934ad5ee059da696da89dd1ef2c2eac5c
SHA512

dea86ed41a7a303c31d0ee8b2d380eb5b162d7c4731e4a53958833662270643a7695620a151ac99ce520f15efc7174f5792fa0469784f05df97bc961403cea6b
SSDEEP

1536:bFMM2foLueikx3yrRjDlBZVERJCmnQGi1yDCy9hQwiaqH+ZPaqLhO:f2fmuei6CJ4kmn/icvhQwkuhd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
273c0318a68c9a8f639460812965269934ad5ee059da696da89dd1ef2c2eac5c

Files

273c0318a68c9a8f639460812965269934ad5ee059da696da89dd1ef2c2eac5c
.exe windows:4 windows x86 arch:x86

bf16bf396271f882bd71ff420e4ba6e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GlobalUnlock
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

strcmp
RtlValidSid
RtlRegisterWait
ZwReadVirtualMemory
ZwOpenIoCompletion
NtQueryMultipleValueKey
__iscsym
NtQueryQuotaInformationFile
RtlCheckRegistryKey
RtlCreateAtomTable
ZwSetInformationFile
RtlImageDirectoryEntryToData
NtAdjustGroupsToken
RtlUnicodeToOemN
RtlQuerySecurityObject
ZwQueryMultipleValueKey

Exports

Exports

ReadSnrjtodhup
CloseAmpngurrqng
IsWdshaxyauu

Sections

.ldata
Size: 4KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_PAGELK
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ