9292a0988b5beb1704bfa1cf6a30983581e21c248943182fb5a3f219e74b5706 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9292a0988b5beb1704bfa1cf6a30983581e21c248943182fb5a3f219e74b5706
Size

12KB
MD5

d8155610c25e96639badd45fe8b6b8dd
SHA1

2542864f18accd3390d3f204f77fb013489406a9
SHA256

9292a0988b5beb1704bfa1cf6a30983581e21c248943182fb5a3f219e74b5706
SHA512

6d2d2e1c761910df36ab44697931463cca9c9a1171d3720d683c890fd1949386236b1f47aec8c1670cd374fbeae182615450b62b311c3af83c397e55680b232c
SSDEEP

192:mdAT5zdQAMK6nCk4ccEb1D7zUQU/YFn24LSwWlJdxqHeYr4/:rXQxvezGWwWlJj+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9292a0988b5beb1704bfa1cf6a30983581e21c248943182fb5a3f219e74b5706

Files

9292a0988b5beb1704bfa1cf6a30983581e21c248943182fb5a3f219e74b5706
.exe windows:4 windows x64 arch:x64

20b6f0f601a8d4e2c32ce82718f194c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

memset
printf
memcpy
memmove
rand
wcslen
strcmp
srand
strtol
_wsystem
_vsnprintf
_vsnwprintf
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs
exit

kernel32

FileTimeToSystemTime
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc
CreateFileW
GetLastError
Sleep
WriteFile
HeapFree
CloseHandle
SleepEx
GetCommandLineW
ExpandEnvironmentStringsW

ntdll

NtQuerySystemInformation
RtlGetNtVersionNumbers

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle

bcrypt

BCryptEnumProviders
BCryptEnumRegisteredProviders
BCryptFinishHash
BCryptGenRandom
BCryptGetFipsAlgorithmMode
BCryptQueryContextConfiguration
BCryptRegisterConfigChangeNotify

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ