494de0f791688f15251fad38a79972ef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

494de0f791688f15251fad38a79972ef
Size

92KB
MD5

494de0f791688f15251fad38a79972ef
SHA1

9ba7a7f28e9b4a7036bfd2cd2ebbf6727f45672d
SHA256

7c609cb3068fe4f56e9983b4a04f9172fcc934d38c7888a941511000ea4a4a9d
SHA512

a997d3685fd5d5e022c29908da4268ec59d8125d6f98d3132b377f2d4e8cc76cd485a0369ad29d0d373e7783afbd6fa15266480f0c9fd2c819ee3752e8e4cc33
SSDEEP

1536:zPv3wFukx/qumUD1HWSWegmlgM3O7QuXkSE6BpOiQ3AwTAAQ+:zXXEqut5HWXag8wXzOiQ3m+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
494de0f791688f15251fad38a79972ef

Files

494de0f791688f15251fad38a79972ef
.exe windows:5 windows x86 arch:x86

5b0b00a13095dc72a04890ce65e9ab3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
GetLastError
GetConsoleMode
GetWindowsDirectoryA
GetThreadLocale
LoadLibraryW
lstrcatA
GetStartupInfoA
RemoveDirectoryA
InterlockedCompareExchange
RaiseException
VirtualProtect
GetProcessHeap
GetCurrentProcess
lstrcmpA
GetSystemTime
GlobalReAlloc
GetModuleHandleA
LoadResource
GetModuleHandleW
GetPrivateProfileStringA
GetSystemDefaultLCID
DeleteFileA
FreeEnvironmentStringsA
GetExitCodeProcess
GetSystemTimeAsFileTime
GetTempPathA
GlobalFree
GetVersionExW
GetUserDefaultLangID
SetFilePointer
GetModuleFileNameA
GetTempFileNameA
SetThreadLocale

msvcrt

_XcptFilter
__p__fmode
__set_app_type
_adjust_fdiv
_initterm
_except_handler3
__p___initenv
_controlfp
_exit
__p__commode
__getmainargs

Sections

.text
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ