1628f4814734ab133f31b60ac8ac0a22 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1628f4814734ab133f31b60ac8ac0a22
Size

802KB
MD5

1628f4814734ab133f31b60ac8ac0a22
SHA1

26c113a231508a827d73d814d4e1faaaae567b92
SHA256

69f74937c4f038a72d2e6368b41b2d31038ed599b4f11cbb0faed7d32b43a912
SHA512

173fe2b1bdbf950c30600b507d147f2419c95850eaf92f0d5e199cdcefde8dcf0dc978b835e3e26254c1c7d39ab70f86b337102d5b7e25465be30cdc4f392ed3
SSDEEP

24576:0oPzvcWONtoCB8sPDSxP2qMk10hdAvz6Q:lPjWtsKJg10hdA+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1628f4814734ab133f31b60ac8ac0a22

Files

1628f4814734ab133f31b60ac8ac0a22
.exe windows:5 windows x86 arch:x86

acc3122c4418be87fff9746522906dda

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapDestroy
LeaveCriticalSection
CreateDirectoryA
GetConsoleMode
CreateFileW
OpenMutexA
GlobalFlags
VirtualProtectEx
CreateFileW
SetFileTime
GetProcessHeap
GetCurrentThreadId
SetFilePointer
GetDriveTypeW
GetProcessVersion
GetVolumePathNameA
DeleteFileW
PulseEvent
FindAtomW
OpenEventA
InterlockedExchange
GetModuleFileNameA
GetModuleHandleA
DeleteFileW
GetFileAttributesA

user32

wsprintfA
IsMenu
DispatchMessageA
DestroyMenu
GetWindowLongA
SetFocus
DestroyIcon
PeekMessageA
GetWindowTextA
MessageBoxA
LoadCursorA
GetWindowLongA
SetRect

dot3msm

Dot3MsmDeInit
DllMain
Dot3MsmDisconnect
Dot3MsmFreeProfile

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE