c820a9ba416ea13f68bd9cac35d59cf0N[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c820a9ba416ea13f68bd9cac35d59cf0N.exe
Size

100KB
MD5

c820a9ba416ea13f68bd9cac35d59cf0
SHA1

2a43dd7a26678032b85292a96e43a337cea433bb
SHA256

07e1da7d53a796c479ed8de05e9cec54dfb67313fc33a88740944e8cf933bff8
SHA512

6f358680da76193456879222766e62bedb4b0882c02048c8cdd58acbb4a38dfb1a2652f532aaa96a399ff5fd2b1448a726b54324b6c3dfe2190e3e524a574d5e
SSDEEP

1536:tLYr3t6ouuG8uIVf5ilHhoVP3JFXOnfTBgjh4Bdjq4tgByeBevJasbaq32R+Oqi:tLBo2ef5uyfJR6TBOadjLt6R6dba5ui

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c820a9ba416ea13f68bd9cac35d59cf0N.exe

Files

c820a9ba416ea13f68bd9cac35d59cf0N.exe
.dll regsvr32 windows:4 windows x86 arch:x86

34698853824c67a524850f31e7589174

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
IsValidCodePage
LoadLibraryExA
OpenWaitableTimerW
lstrcpyA
GetProcAddress
FindFirstFileExW

advapi32

FreeSid

oleaut32

SysFreeString

user32

wvsprintfA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
Gblkdgb
DllMain
DllRegisterServer
DllUnregisterServer
ServiceMain

Sections

.none
Size: 96KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.none2
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 224B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mnon
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ