2a9bf696f1af170e0e1b5ede752a1578[.]exe | Triage

Sharing

General

Target

2a9bf696f1af170e0e1b5ede752a1578.exe
Size

4.1MB
MD5

2a9bf696f1af170e0e1b5ede752a1578
SHA1

96b9f6c7398fc9c0cc44534dfabe08f0583baf3a
SHA256

d8f0a37788e14306d6f5a6b15417aec0c76d08fd9c788871ad50a9ac7cd6c73f
SHA512

8236468322838e166fe46614dd0f90c576031ef55abfd79b249def9d320bd89b277bf3b7c84bf669480b0504637d1b93b565be5d17eae6065d2418604c25c80d
SSDEEP

98304:alO2xqX9gK/NBJMYpntAecuJ4hLm0amUXzEnk4:a82x3KHJMOAecuJ4hLGmd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2a9bf696f1af170e0e1b5ede752a1578.exe

Files

2a9bf696f1af170e0e1b5ede752a1578.exe
.exe windows:4 windows x64 arch:x64

e4a8172b80d7ea86eeba3123e2be5bfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetLastError
CreateMutexA
LoadLibraryA

user32

MessageBoxA
wsprintfA

Sections

.data
Size: - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ