Static task
static1
Behavioral task
behavioral1
Sample
8af03a6b59a6e61993dd1f3f2bd110c0N.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
8af03a6b59a6e61993dd1f3f2bd110c0N.dll
Resource
win10v2004-20240802-en
General
Target
8af03a6b59a6e61993dd1f3f2bd110c0N.exe
Size
1.8MB
MD5
8af03a6b59a6e61993dd1f3f2bd110c0
SHA1
e1a050df7498fd45dd60dae15154baf5c6029546
SHA256
90a483cc9b5ab9c3dc59d5ff5eba5a018076d94c9562f2bb1962ab5fa8e0f64b
SHA512
619308ef6b9552ac317255ddabbbc2311b538e0339c1574a7499087958a5d18caa9f01aaf2efe78011afa9c8631a0e5ce40d5cb46e79c28e39a6978d39d3acd6
SSDEEP
49152:aKFw9JD1hxPLq5u12W0lYTy/YQcB8RYhnZCOzYum:xaDdLq5u1TJ24QYbCn
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8af03a6b59a6e61993dd1f3f2bd110c0N.exe
Files
8af03a6b59a6e61993dd1f3f2bd110c0N.exe.dll windows:5 windows x86 arch:x86
3c532e2dc9f92d9716199a7896b0d3da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
user32
GetUpdateRgn
GetLastActivePopup
CreateDesktopA
kernel32
GetFileTime
GetLastError
GetModuleHandleW
GetModuleFileNameW
EnterCriticalSection
GetBinaryTypeW
advapi32
MapGenericMask
shell32
CommandLineToArgvW
SHGetDesktopFolder
imm32
ImmSimulateHotKey
gdi32
PtInRegion
urlmon
CompareSecurityIds
rasapi32
RasSetEapUserDataW
mprapi
MprAdminServerDisconnect
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 41KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ