12e493f7a5f1d8487239d477631457b9 | Triage

Sharing

General

Target

12e493f7a5f1d8487239d477631457b9
Size

524KB
MD5

12e493f7a5f1d8487239d477631457b9
SHA1

5a1173f347eb6d0bf3d76606008c4bee0dac65e0
SHA256

0c21cc2b9bf1e49a8b2eada21a695170c89a52fe209b13c6b136cb189fd62abb
SHA512

401a05b5ae15aae6b66191ef310946d2cdfcb74aea4b54c72d173d5d2c91541109808e8db26d988191c183f014595c628883656a157e6275bf72da20386430a5
SSDEEP

12288:q1DmCRaGA1J9NlMn1zn+AWkCDb8we0Yz2yCHBhaaB8O:IKCYTza1zNWkAQZ0M2yCj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12e493f7a5f1d8487239d477631457b9

Files

12e493f7a5f1d8487239d477631457b9
.exe windows x86

5afa9a8b314006f35dd01e2aac6bc7ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetLastInputInfo
CreateWindowExA
InvalidateRgn
DispatchMessageA
RegisterClassA
AppendMenuA
GetMessageA
GetUpdateRgn
DefWindowProcA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA

shlwapi

UrlCanonicalizeA

msvcrt

memset

oleaut32

GetErrorInfo
GetRecordInfoFromGuids

kernel32

LoadLibraryW
GetModuleHandleW
GetSystemTimeAsFileTime
CreateEventA
TerminateProcess
SetStdHandle
WaitForSingleObject
MoveFileW
LeaveCriticalSection
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WTSGetActiveConsoleSessionId

advapi32

AccessCheck
GetKernelObjectSecurity

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ