25ed161d9e8e36d9bae43d4eaf3563af | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25ed161d9e8e36d9bae43d4eaf3563af
Size

40KB
MD5

25ed161d9e8e36d9bae43d4eaf3563af
SHA1

a352bd521b5611c8ee05a9e91f8b8db2677b8aae
SHA256

79ec3bd79bb6b98969f56728d813875eabc9006f426b97e2116c7a3f3ac149c7
SHA512

1db9266c563af0abd185d05f71b1594a44be942e9187d8afe696b784775b63179ffd2de2bce455e7ff4caa463d136a38a69b17843bac82730d617ffe49b81a30
SSDEEP

768:1Bwa3wLSqZkETG/jmwbU4oF4/EOi97emHGqn5DLDdQOn2skZV:d3wLSeK/iqU4/PHmHGq5DndQ027D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ed161d9e8e36d9bae43d4eaf3563af

Files

25ed161d9e8e36d9bae43d4eaf3563af
.exe windows:4 windows x86 arch:x86

8b15ec9ff90667b3a56685dcfefa3266

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
InterlockedExchange
HeapAlloc
GetProcessHeap
InterlockedExchangeAdd
GetModuleHandleA
ExitProcess
CreateThread
QueryPerformanceCounter
GetACP
InterlockedIncrement
GetCurrentProcess
InterlockedDecrement
GetCurrentThread
GetTickCount
GetProcAddress

user32

DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
DestroyWindow
DefWindowProcA
FindWindowA
FindWindowExA
GetCapture
GetCursor
GetActiveWindow
GetDlgItem

gdi32

TextOutA
CreateSolidBrush
SetGraphicsMode
GetObjectType
GetBkColor
ResizePalette
UpdateColors

Exports

Exports

?jgdfgjfiogjfogC@@YAHHPADHHH@Z
?jgdfgjfiogjfogI@@YAHHPADHHH@Z
?jgdfgjfiogjfogK@@YAHHPADHHH@Z

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ