291a637f80b4e9fe887d30e5464fec1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

291a637f80b4e9fe887d30e5464fec1d
Size

150KB
MD5

291a637f80b4e9fe887d30e5464fec1d
SHA1

98928ca82ea4c83354d87d929462165db928d84b
SHA256

27ea23c7f0534d1578591b4e296291962956052d29b735054afae490d7ec931e
SHA512

2073e7189598b3d3be177728f0b4a058f8d53782a023519069da54d6d19cf311c15994af762c72f37e58e7af0a0efaf23270cf5b4aefd17d013bf3790a20f9fd
SSDEEP

3072:4mKIv4QRuL67ShCanKXsS4BE1CIu7E3y6wRkKON40/nXyE8:eIv5R067SXnG54BEw7EldW0s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291a637f80b4e9fe887d30e5464fec1d

Files

291a637f80b4e9fe887d30e5464fec1d
.exe windows:4 windows x86 arch:x86

5b62bd8c8da7f4724664efc695e79a28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WinExec
GetModuleFileNameA
CreateProcessA
GetLastError
GetTempPathA
GetStartupInfoA
GetModuleHandleA
DeleteFileA
GetStdHandle

user32

ShowWindow
EndDialog
IsWindowVisible
KillTimer
SetTimer
DialogBoxParamA

advapi32

RegQueryValueA

msvcrt

strcpy
_exit
_XcptFilter
_EH_prolog
??3@YAXPAX@Z
memset
??2@YAPAXI@Z
memcpy
_close
_write
__p__acmdln
_read
_lseek
_open
strcat
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
exit
_controlfp
__getmainargs
_initterm
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ