1f760da979e8398f8d22ed6e8242f28d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1f760da979e8398f8d22ed6e8242f28d
Size

40KB
MD5

1f760da979e8398f8d22ed6e8242f28d
SHA1

8eff54dbd6d3a2730667272e8f8c74e694b39e0f
SHA256

cb86d88212717580657b2eee173f14fe3b855cc057e8a2fd8b053cf915c1ab4c
SHA512

6423376bd54eea1d86b7645eb422a2786409f563e5525c5859c5c8a7691e18905d003af45b242ec4086e586e39c4a97d1901e0af44425953453eb2686dd48dd7
SSDEEP

768:1Bwa3wLSqZkETG/jmwbU4oF4/EOi97emHGqn5DLDdQOn2skZG:d3wLSeK/iqU4/PHmHGq5DndQ027A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1f760da979e8398f8d22ed6e8242f28d

Files

1f760da979e8398f8d22ed6e8242f28d
.exe windows:4 windows x86 arch:x86

8b15ec9ff90667b3a56685dcfefa3266

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
InterlockedExchange
HeapAlloc
GetProcessHeap
InterlockedExchangeAdd
GetModuleHandleA
ExitProcess
CreateThread
QueryPerformanceCounter
GetACP
InterlockedIncrement
GetCurrentProcess
InterlockedDecrement
GetCurrentThread
GetTickCount
GetProcAddress

user32

DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
DestroyWindow
DefWindowProcA
FindWindowA
FindWindowExA
GetCapture
GetCursor
GetActiveWindow
GetDlgItem

gdi32

TextOutA
CreateSolidBrush
SetGraphicsMode
GetObjectType
GetBkColor
ResizePalette
UpdateColors

Exports

Exports

?jgdfgjfiogjfogC@@YAHHPADHHH@Z
?jgdfgjfiogjfogI@@YAHHPADHHH@Z
?jgdfgjfiogjfogK@@YAHHPADHHH@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ