21dfd1b25d478ca7dc889702abc66091 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21dfd1b25d478ca7dc889702abc66091
Size

165KB
MD5

21dfd1b25d478ca7dc889702abc66091
SHA1

412789e9e4a56a235f0ba579f983628bb5e70a3c
SHA256

56abe5a0cd8aa22db803e66e116feb17e5b48db72ed89cf3700d0af24fefe06f
SHA512

2610d52b70aec0b372628f1c0a39a44e32bde373149d79c007548c662de4c8d13d89bb81f0a160a1e5a8402ea38afe014ce1d134201234f67b3f53eadf8c8139
SSDEEP

3072:3Dz7W5TsyDStk2OmCOQi6NZkxmpkNufdfM3a7biJsnZQLK:3DW5T7StTOm5Q2clf6q6JwQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21dfd1b25d478ca7dc889702abc66091

Files

21dfd1b25d478ca7dc889702abc66091
.exe windows:5 windows x86 arch:x86

768ba8fb3680dc23057b742712900845

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW
IsWindow

shell32

SHGetSpecialFolderLocation
SHCreateDirectoryExW
CommandLineToArgvW

kernel32

ExitProcess
FindFirstFileW
FindNextFileW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameW
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
lstrlenW
InterlockedExchange

msvcrt

_cexit
_controlfp
_exit
_initterm
_ismbblead
_wcsdup
_wcslwr
exit
free
memset
printf
wcsstr
wprintf
_amsg_exit
__setusermatherr
__set_app_type
__p__fmode
__p__commode
_XcptFilter
__getmainargs

gdi32

PolyDraw
ArcTo

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

AStartUp
CchFileTimeToDateTimeSz
FIsHTMLFile
HrEditPhonebookEntry
OpenWFileStreamShare
UpdateSubTexture

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ