499d623c6c40b7151f138e9caf283160 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

499d623c6c40b7151f138e9caf283160
Size

133KB
MD5

499d623c6c40b7151f138e9caf283160
SHA1

f5402f064584445606479c5941a082616ed131f1
SHA256

cab0ab5a5c193b3b9d7986675ecef832b4e4188ab0c775fe079a3b56c9c5e09b
SHA512

3ee6897a6c6bc66ff951ee9f3b04675b7f96df6d6d779a78e62fd06c60ce6177ac90bb59272aed2fffa6fca5384a269c578ccefe4a46345741dd727581b167cd
SSDEEP

3072:+kwfBWX/oJGBhKcXsqog9SFXOgT2i20y5PuhHDS/V5:s+IksqofhKlaHDS/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
499d623c6c40b7151f138e9caf283160

Files

499d623c6c40b7151f138e9caf283160
.exe windows:4 windows x86 arch:x86

681fb869c1498bb4da406c40e4ed7f13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA
Shell_NotifyIconA
SHFileOperationA
SHGetDesktopFolder

shlwapi

SHStrDupA
PathIsContentTypeA
SHDeleteKeyA

user32

CharUpperA
IsDialogMessageA
IsDialogMessageW
IsIconic
GetCapture
LoadCursorA
GetMenu
GetActiveWindow
GetFocus
IsRectEmpty
CharLowerA

gdi32

GetRgnBox

kernel32

ExitProcess
lstrcatA
HeapDestroy
GetStdHandle
VirtualQuery
GetLocalTime
GetLastError
VirtualAllocEx
CreateEventA
SetThreadLocale
VirtualAlloc
FormatMessageA
GetCommandLineA
FindResourceA
GetFileSize
CreateFileA
lstrlenW
SetEvent
GlobalDeleteAtom
GetFileType
lstrcpyA
GetThreadLocale
IsBadReadPtr

Exports

Exports

_qZK2pn
57BMR@12

Sections

.text
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ