1e2931a281af39af9c220023480bffd57537d199ec1d6cf05465bba4a84285beN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e2931a281af39af9c220023480bffd57537d199ec1d6cf05465bba4a84285beN
Size

336KB
MD5

9fbd8454b326ad6409c8298cbbea3d50
SHA1

11d11273dad7a17c9a63ab488ae11def790bdc32
SHA256

1e2931a281af39af9c220023480bffd57537d199ec1d6cf05465bba4a84285be
SHA512

ae90de57a07d435505f09a6d2243252b75ab9560b74ef2f5137d42fed743fe3fc2764d9aedff74e16e2996fa479a016425ed7279f9f2ec1931b4ada24e90d85b
SSDEEP

6144:FF9336YMFYfVcT7/9ju3iuUtZhckmEAhzNKGQXHJxb780y2LFkN:vJn9W7/1tZhcIAhZKGQXHJxf8wLSN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e2931a281af39af9c220023480bffd57537d199ec1d6cf05465bba4a84285beN

Files

1e2931a281af39af9c220023480bffd57537d199ec1d6cf05465bba4a84285beN
.exe windows:5 windows x86 arch:x86

8edc0f5174cc28381726b23fdc9151a9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

trth drhrth.pdb

Imports

msvcrt

wcscspn

kernel32

EnumResourceLanguagesW
FindCloseChangeNotification
GetLocaleInfoA
LoadLibraryA
SetFirmwareEnvironmentVariableW
GetDriveTypeW
GetTickCount
GetDiskFreeSpaceExA
RaiseException
GetLastError
InterlockedExchange
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary

clusapi

ClusterNodeEnum

shlwapi

PathUnquoteSpacesW

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

cvbv
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rfvc
Size: 4KB - Virtual size: 38B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

joojk
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ