2c0632df6eaace951bfdf637cf5e3b5b | Triage

Sharing

General

Target

2c0632df6eaace951bfdf637cf5e3b5b
Size

636KB
MD5

2c0632df6eaace951bfdf637cf5e3b5b
SHA1

983604d8a65a7994604e0a8ac00dfe25bb513194
SHA256

e99ff2cf53ac497b533562e01e48f4a0cac1240c4543b82631ff1cc2810e0ee5
SHA512

0c94a672ef0967c1bcca5d6c371b3f9595817d34a453c7ddea95ac62fcb51232e0b02fcdfcb7f9cf916dde86b7a763358f187c62593c05f67d5764b7ac5c187d
SSDEEP

12288:Z2440E3nuWo96luZCOUGMme+xg//0oz5exq6RS9V4P3S+M0yOv:eMWpuZZUjmPS//96RoOvS+MjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c0632df6eaace951bfdf637cf5e3b5b

Files

2c0632df6eaace951bfdf637cf5e3b5b
.exe windows:4 windows x86 arch:x86

f2252844ce138b25a00d932241c8b08a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetLogicalDrives
GetTapeStatus
HeapCreate
GetEnvironmentStringsA
VirtualProtect
LoadLibraryExA
GetProcessHeap
HeapDestroy
GetProcessVersion
GetCurrentThread
WaitForSingleObject
HeapQueryInformation
GetStdHandle
GetTimeFormatA
IsDebuggerPresent
InterlockedExchange
GlobalMemoryStatus
CreateIoCompletionPort
GetCurrentProcessId
GetModuleHandleA

user32

BeginPaint
DrawTextA
GetTitleBarInfo
GetParent
EndPaint
SetForegroundWindow
FrameRect
GetWindowTextLengthA
ReleaseDC
wsprintfA
FillRect
GetCursorPos
DragDetect
GetDlgItem
ShowWindow
GetWindow
GetFocus
GetClassNameA
SetActiveWindow

advapi32

RegFlushKey
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ