05d9e3b91382688cfd4a01502f178dcd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05d9e3b91382688cfd4a01502f178dcd
Size

128KB
MD5

05d9e3b91382688cfd4a01502f178dcd
SHA1

56d8da660d1b41ac59c8469bf90127be8194c8cb
SHA256

cb7aba2d66c80a99af2171f854b7cd8e8497340a19340d0ec9c8df419680f451
SHA512

43a1def01bd0ebff51f69ba31996354e89796c8dfa383d497c07bc942ec6b965f415b89c6c9ff7c9d43144afcceff86d8d11782cee0bca5b050599d45d38a4f0
SSDEEP

3072:E6Iu7qhXbwxHd3eDeNxUyrYLQywnVNhT:9lCYdYLQ1nVb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05d9e3b91382688cfd4a01502f178dcd

Files

05d9e3b91382688cfd4a01502f178dcd
.exe windows:4 windows x86 arch:x86

6d5f18f9cebedf49236b2823e121ca2d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetDesktopFolder
SHGetFileInfoA
SHFileOperationA

advapi32

RegQueryInfoKeyA

version

GetFileVersionInfoSizeA

kernel32

VirtualAlloc
ExitProcess
GetProcAddress
lstrlenW
IsBadReadPtr
GetACP
GetModuleHandleA
GetCommandLineA
LoadLibraryA
GetCommandLineW
ExitThread

comctl32

ImageList_GetBkColor
ImageList_Destroy
ImageList_Read
ImageList_Add

shlwapi

PathFileExistsA
SHDeleteValueA
SHSetValueA
SHDeleteKeyA
SHQueryInfoKeyA
SHQueryValueExA
PathGetCharTypeA
SHEnumValueA
PathIsContentTypeA

user32

CheckMenuItem
GetMenuItemInfoA
DestroyCursor
GetCursorPos
DefMDIChildProcA
FindWindowA
SetCapture
SendMessageA
CharNextW
GetKeyboardLayoutList
SetFocus
SetWindowPos
GetKeyboardState
SetClassLongA
DestroyIcon
WaitMessage
EmptyClipboard
SetTimer
DrawEdge
KillTimer
PostQuitMessage

msvcrt

exp

comdlg32

FindTextA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ