1889c9f07d48421484dfe3df49b382b72c889e4cbe7e44d07ee6f1e4f49a44a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1889c9f07d48421484dfe3df49b382b72c889e4cbe7e44d07ee6f1e4f49a44a8
Size

30KB
MD5

2d9ec509f433d661ed29c949168379a6
SHA1

d8863ff27a0c6e164252e48e3b3e4f9ac1223eed
SHA256

1889c9f07d48421484dfe3df49b382b72c889e4cbe7e44d07ee6f1e4f49a44a8
SHA512

d552d590b11540acc206c1d0195c799372c14a6ae671b9c1917ae6360e3a702a94b51a7cf073241c12df7e23c58bfea2cb7b151e59832ef7a3041577b3c8bf3f
SSDEEP

384:0aBJAEUjE7dPcmzhAAB3q2p+UwVYly7cNKX9uCpPICbpwLcDQm9jsbhtBFn:0KRUjEB0mfHjly7cNO95wwDDC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1889c9f07d48421484dfe3df49b382b72c889e4cbe7e44d07ee6f1e4f49a44a8

Files

1889c9f07d48421484dfe3df49b382b72c889e4cbe7e44d07ee6f1e4f49a44a8
.exe windows x86

d5201b35184f2af59bba41345786528e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantTimeToSystemTime

kernel32

LoadLibraryA
GetDateFormatA
GetTimeFormatA
GetLocalTime
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
LocalFree
WideCharToMultiByte
GetCommandLineW
GetModuleFileNameA
CloseHandle
WriteFile
CreateFileA
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
LCMapStringA

msvcrt

strncmp
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
_ftol
sprintf
strncpy
modf
strchr
memmove
malloc
free

user32

wsprintfA
MessageBoxA

shell32

CommandLineToArgvW

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE