411229bb83d311dee05b01ada9b3f365 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

411229bb83d311dee05b01ada9b3f365
Size

133KB
MD5

411229bb83d311dee05b01ada9b3f365
SHA1

7a209054bc7e7c84a95156d3bc3551db405ae85c
SHA256

883e2a6918f5562704cebd25621321e6275dc3597862018dd8a51efce75db778
SHA512

551f55dcd93bd0446903703df03e6ad32cfd4951178f8da89c47df04ae490cafcecab37ba9aa58d18da9e290db101659f51965e3670733aff5020285c23fb0cb
SSDEEP

3072:zGJp1bKJamKktxqi85cPNA1qBH3W8xRE1qKWOqDN4wo:zupNKJsWGcPO1WPDE1Dq9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
411229bb83d311dee05b01ada9b3f365

Files

411229bb83d311dee05b01ada9b3f365
.exe windows:5 windows x86 arch:x86

341af7ec9820e1e7db34af647b2c865c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord165
ord195

shlwapi

StrCpyNW
StrChrIW
ChrCmpIA

kernel32

GetShortPathNameW
DeleteFileA
GetCommandLineW
GetEnvironmentStringsW
SetStdHandle

user32

CharLowerBuffW
LoadMenuA
GetPropA
KillTimer
SetPropA
CheckRadioButton
UnregisterHotKey
GetDlgCtrlID
ChangeDisplaySettingsA
DrawStateW
IsWindowUnicode
InsertMenuItemA
GetCursor
LoadAcceleratorsA

gdi32

GetObjectA
GetCharWidth32A
GetICMProfileW
GetTextFaceA
CheckColorsInGamut
FlattenPath
OffsetRgn
TextOutA

ole32

CoInitialize
CoUninitialize
OleGetIconOfClass

ntdll

NtQueryVirtualMemory
RtlUnwind
memset

Exports

Exports

?BFdbfshGJfdehsgfshgsgs@@YGKK@Z
?HDfkufgJHfgdsfhbfjsdfsdfd@@YGKKKK@Z
?NBFdbfhGJfdshgfdhgfdd@@YGKKK@Z

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.modify
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ