c7ab077ae35b58f2b294b8c3dd58feaabdc09f3b07deb0ac3dc792c5b11b84df | Triage

Sharing

General

Target

c7ab077ae35b58f2b294b8c3dd58feaabdc09f3b07deb0ac3dc792c5b11b84df
Size

28KB
MD5

fb6ba16fbb91862ef6e094cc0676623e
SHA1

7f5709e14dac7f59cac6387579a8d063b11a147d
SHA256

c7ab077ae35b58f2b294b8c3dd58feaabdc09f3b07deb0ac3dc792c5b11b84df
SHA512

4051cc43f1c0e15486d5523e12f3ad037745cf7416147de39a97fe0f0bc90abebfeb9f1e2b5de243a178dda362273ac827f673d36dedcb0b851a5f88d587aa66
SSDEEP

768:Nu5Rc/aEXBPWlLxc7lVl5eVEo9ttttdtPtttttVttItttttttVtttttJttttttty:N7aIBPqcR5eV6Z6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7ab077ae35b58f2b294b8c3dd58feaabdc09f3b07deb0ac3dc792c5b11b84df

Files

c7ab077ae35b58f2b294b8c3dd58feaabdc09f3b07deb0ac3dc792c5b11b84df
.exe windows:4 windows x86 arch:x86

1901fa132c99a01befe01f9af3f73cf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineW
GetThreadContext
GetTempFileNameW
SetThreadContext
FreeResource
FindResourceW
LoadResource
CreateProcessW
WaitForSingleObject
GetModuleHandleW
GetTickCount
VirtualQueryEx
WriteFile
OpenProcess
SizeofResource
ReadProcessMemory
GetFileAttributesW
CreateProcessA
TerminateProcess
GetModuleFileNameW
CreateFileW
lstrlenW
GetTempPathW
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
LockResource
Module32FirstW
lstrcatW
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
WriteProcessMemory
ResumeThread
lstrcpyW

shell32

SHFileOperationW
SHChangeNotify

shlwapi

StrChrW
StrRChrW
StrCmpNIW

msvcrt

free
??2@YAPAXI@Z
??3@YAXPAX@Z
memset
malloc
memmove

Sections

pe
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ