1b27967ee681db027fbe0a5f64f99a88 | Triage

Sharing

General

Target

1b27967ee681db027fbe0a5f64f99a88
Size

241KB
MD5

1b27967ee681db027fbe0a5f64f99a88
SHA1

3c458cab4a6aaaa913917cca8291a70ccd2cb7ae
SHA256

e89ee57f1fae46360238aabba747781e317e39145fa8c335434b03f41072a031
SHA512

e93c8c6a066a8f52de8ef9358594bf103b2173e4c8b6c97d3c9d986fea8300d7bbfc0146c5fb6af42be98cb974cae2600b8c98dda942b9775206d723a09dcc34
SSDEEP

6144:/qX8cOQHmxVDprCwBrfazfsRj8LZsxbzSNmbofyL11s:iX8jQGxjLwkRj8FsxbzSNqo6LY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b27967ee681db027fbe0a5f64f99a88

Files

1b27967ee681db027fbe0a5f64f99a88
.exe windows:4 windows x86 arch:x86

9f94c80ab7c3edd6bcafca91d7032008

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLCID
FreeLibrary
TlsFree
GetModuleFileNameA
TlsSetValue
lstrcmpA
GetModuleHandleW
GetCurrentProcess
GetUserDefaultLangID
GetCurrentProcessId
TlsGetValue
GetDriveTypeW
GetLogicalDrives
TlsAlloc
VirtualAlloc
GetCurrentThread
lstrcatA
GetACP
IsDBCSLeadByte
GetCurrentThreadId
GetCommandLineA

user32

GetActiveWindow
GetWindowLongA
GetWindow
CreateWindowExA
IsIconic
GetFocus
GetSystemMetrics
GetForegroundWindow
GetDC
GetWindowTextLengthA
GetClassLongA
UpdateWindow
BeginPaint
ShowWindow
IsWindowVisible
GetWindowTextA
RegisterClassA
GetWindowDC
ReleaseDC

shell32

StrCmpNA
StrRChrIA
StrRChrA
StrChrA
StrChrIA
StrCmpNIA

msctf

DllCanUnloadNow
DllGetClassObject
TF_GetThreadFlags
DllRegisterServer

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ