b82d03493e32f43f732ca14db6e25920N[.]exe | Triage

Sharing

General

Target

b82d03493e32f43f732ca14db6e25920N.exe
Size

2.9MB
MD5

b82d03493e32f43f732ca14db6e25920
SHA1

88806027d2d05f8de38307cbd0f1ecff98efff4b
SHA256

6c7a6d962e2cce4a9580bc8a1f70417d0e0d83d690b975e3949dabe524ee0e80
SHA512

8a93cb68dd39afaec9f3c834a2a568180fdd9615dae33fe564e0bad6146b5daf7df1aadf5d59ffec8d8a4e373b60302e412f2e6798353fc764c133ad5c8d14a4
SSDEEP

49152:mDTQUuEJtuKpSpL/UEsPP65AQ+n+aEdZYopejdwXZwPqUoHLiNJ:maEJ4KuYbGvKdwJQkk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b82d03493e32f43f732ca14db6e25920N.exe

Files

b82d03493e32f43f732ca14db6e25920N.exe
.exe windows:4 windows x86 arch:x86

3138e73f93af02345563bcbe9d314bb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtLockRegistryKey

kernel32

GetConsoleProcessList
GetSystemDefaultLangID
GetCurrentProcess

user32

GetProcessWindowStation

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 379B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE