01efbcd4a779faddb49d7258483d52e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01efbcd4a779faddb49d7258483d52e1
Size

715KB
MD5

01efbcd4a779faddb49d7258483d52e1
SHA1

0bc351e2d5a8670b810f71d67b574f49b1f0ca99
SHA256

883c51440fa263efe1319b026e29f2b6098657f3add2c8af84fa5b08bd6cc7ca
SHA512

441ba497b19ab3b426be47cb824d9606f6de3b3acda97014dce8207f4d017063c092573c007e5042957ad5bf7484d97577ec55c2858cb7900cd54b1bea4cc28b
SSDEEP

12288:A7OgqCc7F7ywKL8RI2KlMNMVIU8Y/OwPxDneM9vn3G1whi6UpcqwMP6028A0XI4:A7BMpywS8AiMVJVPxDdW1whfUpcdM9/7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01efbcd4a779faddb49d7258483d52e1

Files

01efbcd4a779faddb49d7258483d52e1
.exe windows:4 windows x86 arch:x86

f19f92cebca9b5ee7bf82bc8ef284ce7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetKeyboardType
CreateWindowExA
DdeCmpStringHandles

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
DeleteCriticalSection
TlsSetValue
lstrcpyA
Sleep

advapi32

RegQueryValueExA
RegSetValueExA

oleaut32

SysFreeString
SafeArrayPtrOfIndex

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

Sections

.text
Size: 45KB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE