Static task: static1
Behavioral task: behavioral1
Sample: 16279a575b78e5902b85e3614460ee72.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 16279a575b78e5902b85e3614460ee72.exe
Resource: win10v2004-20231215-en
General
Target: 16279a575b78e5902b85e3614460ee72
Size: 279KB
MD5: 16279a575b78e5902b85e3614460ee72
SHA1: beb3b83906c8048f25e3fcc0e9a6642c77f6dccc
SHA256: 406996dda796505ae53ccd15369a5392687e9bda00a0f102a970e29452ece293
SHA512: ef26994500ee891964fcebad4bc461939ffe422ffac8e96e87f44c7cef5fc0a63661f01e8fe03de57472276152ff84e8ed078801fe88c030a4bf3725cab2c154
SSDEEP: 6144:xFhR0TJpYhYVYdTfZefmK/a+bas8byhLsMKP:x90EHTfZefmK/a++DbyFe
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 16279a575b78e5902b85e3614460ee72
Files
16279a575b78e5902b85e3614460ee72.exe windows:4 windows x86 arch:x86
d70e54b1599189360b7cac5ce4a4efbc
Headers
File Characteristics:
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
  GetSystemTimeAsFileTime
  HeapFree
  GetCurrentProcessId
  SetLastError
  HeapReAlloc
  VirtualAlloc
  VirtualQuery
  HeapCreate
  EnumSystemLanguageGroupsW
  HeapAlloc
  VirtualFree
  HeapDestroy
  GetWriteWatch
  TlsAlloc
  IsBadWritePtr
  QueryPerformanceCounter
  TlsFree
shlwapi:
  PathAddBackslashW
shell32:
  SHChangeNotify
  SHGetMalloc
  SHGetPathFromIDListW
winmm:
  mciSendCommandA
user32:
  SetWindowTextA
  LoadImageA
  CreateWindowExA
  GetWindow
  DestroyIcon
  LoadStringA
  GetDlgItem
  GetParent
oleacc:
  CreateStdAccessibleObject
  AccessibleChildren
Sections
.text Size: 99KB - Virtual size: 99KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 177KB - Virtual size: 176KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ