f950d0acb046f94e16efdef858c9145e5e6cd8af8c6908841a3ad64aba7427a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f950d0acb046f94e16efdef858c9145e5e6cd8af8c6908841a3ad64aba7427a5
Size

63KB
MD5

857f7018555e7cfe7c0e91da4d0ee799
SHA1

2177cdd340740f3376cb901d117380a62bfa39c2
SHA256

f950d0acb046f94e16efdef858c9145e5e6cd8af8c6908841a3ad64aba7427a5
SHA512

b5c0a543e075df9e17f333c893c7cf388258bb077b01d6f6607837bcbaca0a23d1696a69ff049ae39c9394a6449db6c90b7bacded9c6e0758f33da488842ccfc
SSDEEP

1536:wHiQNNt7XCweF8GTUICa5L9AycKmYQ/+FAjJMJwHztn:+iQNPXCwifTnJ5+ycK8/vjGJG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f950d0acb046f94e16efdef858c9145e5e6cd8af8c6908841a3ad64aba7427a5

Files

f950d0acb046f94e16efdef858c9145e5e6cd8af8c6908841a3ad64aba7427a5
.exe windows:4 windows x86 arch:x86

19f9c86570a8d02bc94b4066d0b1a305

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ZombifyActCtx
QuirkIsEnabledForPackage3Worker
BasepAppXExtension
WritePrivateProfileStructA
AddLocalAlternateComputerNameW
IsWow64GuestMachineSupported
CreateDirectoryW
UpdateResourceA
GetSystemWow64DirectoryA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE