6c66a83aa53613b7d12e5953161f0a00N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c66a83aa53613b7d12e5953161f0a00N.exe
Size

152KB
MD5

6c66a83aa53613b7d12e5953161f0a00
SHA1

f1cbe6d2266a6e9ce6321308d0fb78aeb7009059
SHA256

77a0ff0d62936acf7dcae722438c0880a0b07d440fccf14b5cec4c0c7ae800a1
SHA512

32c687e89b3bd33811c303c0489d6f7dba749cf37f5af9476c219fb7bcc1721a1ad87db678540570bec674c0a319816b92564f4b8acf791e7bc444b5c2ecef5a
SSDEEP

3072:uOoqZuRbSwf6ptB6YCmoBaihp/+IIIXBJSdcRlCvITjpB:WYnDihp/xS7vI/p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c66a83aa53613b7d12e5953161f0a00N.exe

Files

6c66a83aa53613b7d12e5953161f0a00N.exe
.dll windows:6 windows x86 arch:x86

20e3738a9fffa0250845e3b880caabfc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msjint40.pdb

Imports

kernel32

DisableThreadLibraryCalls
LoadResource
LockResource
FindResourceA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent

Exports

Exports

CchLszOfId2

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ