f9afb04864641f18a133d3ed83051c3e6884140ecaa0cfe0e9780c2d858a2edd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9afb04864641f18a133d3ed83051c3e6884140ecaa0cfe0e9780c2d858a2edd
Size

330KB
MD5

10577555532a7ee969ffd52c99b0743e
SHA1

81fccc3460fa4ca6116f45b53313822db70be5b7
SHA256

f9afb04864641f18a133d3ed83051c3e6884140ecaa0cfe0e9780c2d858a2edd
SHA512

df041d2dfacd6ec42b4d5da8bb028e628dd279d9c729ec906848f5fe9fc051ce759d2472e2d463a9bb65fcb49a02e14032637054c5227cf29b8eb07011ea0bad
SSDEEP

6144:mw3swXRHR2yV1efchpuUySAeZabOjUgAAjy3FoRhJw5wSXTcPRGGe:BswXZgLfc/ab4FAIhXqcPFe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9afb04864641f18a133d3ed83051c3e6884140ecaa0cfe0e9780c2d858a2edd

Files

f9afb04864641f18a133d3ed83051c3e6884140ecaa0cfe0e9780c2d858a2edd
.exe windows:4 windows x86 arch:x86

e70953ccd5bfee8002e31268db876543

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetSystemDefaultLCID
LocalFlags
CreateMutexA
LocalHandle
GetCPInfoExA
GlobalHandle
GetStringTypeW
LocalSize
CreateEventA
GetUserDefaultLCID
HeapReAlloc
VirtualFree
CreateSemaphoreA
GetStringTypeA
GetProcAddress
ReleaseMutex
OpenMutexA
SetEvent
OpenEventA
VirtualAllocEx
CloseHandle
PulseEvent
ResetEvent
ResumeThread
SuspendThread
GetModuleHandleA
GetStartupInfoA

netapi32

NetErrorLogWrite
NetAuditWrite
NetConnectionEnum
NetConfigSet
NetGetJoinableOUs
NetAuditRead
NetFileEnum
NetErrorLogClear
NetAuditClear
NetGroupAddUser
NetConfigGet
NetErrorLogRead
NetGetJoinInformation

msvcrt

_acmdln
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_exit
_XcptFilter
exit

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ