476ca2efa4650ccff3a1f5a1e95ec247 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

476ca2efa4650ccff3a1f5a1e95ec247
Size

8.6MB
MD5

476ca2efa4650ccff3a1f5a1e95ec247
SHA1

1ad774b2039e0a160b16894808890c6af22d80f6
SHA256

cf3be3cdd018f3d4bdbc807243d87a05093311995cac6ed22a3f13ad15b74b31
SHA512

831a8906b4e529f214450e4899391b75fb855a17a183d2287ccf7e811ba7cab7b619d59f27fc7346b3b1d13abe42720b0c96a57df73b8b54db4cff7a1cdbd3e2
SSDEEP

196608:V+mMQ1XUOx6rXBK8298OLUjXqnb6h2sCO8XaO:V+mMOXbx6I8s8xL2b6YXaO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476ca2efa4650ccff3a1f5a1e95ec247

Files

476ca2efa4650ccff3a1f5a1e95ec247
.exe windows:4 windows x86 arch:x86

8ff31ce9dfae77c0cf5ffcb552596122

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrcatA
GetSystemDirectoryA
Module32Next
Module32First
Process32Next
Process32First
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
LoadLibraryA
GetFileSize
LocalAlloc
LocalFree
CreateProcessA
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrcmpA
ExitProcess
lstrlenA
CreateToolhelp32Snapshot
lstrcpyA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

shlwapi

PathFindFileNameA

Sections

.f0Gx
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ