5197fea6dd68898e6eb71dbd514bd944 | Triage

Sharing

General

Target

5197fea6dd68898e6eb71dbd514bd944
Size

25KB
MD5

5197fea6dd68898e6eb71dbd514bd944
SHA1

442031bdf156a69468e87b33cf79851408868d23
SHA256

eb0e55768697855cf00a2c66e3dbae4b5dbffe5d0fc90a26f93648e68ccb28b5
SHA512

a885adf7fd05bb9a20b892df35c2110427776e4e51c882279101772b3cfbb510d5b599bd99ae11dea6331367b9411332f79d22d87de969085848f2059dbde7ae
SSDEEP

384:x/0rrQwc35G9rGWTTw33yqP5i2F5WvVFZksAi2q8:Src9sGKcHlNCz2q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5197fea6dd68898e6eb71dbd514bd944

Files

5197fea6dd68898e6eb71dbd514bd944
.exe windows:4 windows x86 arch:x86

bce33a70f2e0667fc88e2254998a1f5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetExitCodeThread
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
Module32First
Module32Next
OpenMutexA
OpenProcess
ReleaseMutex
Sleep
TerminateProcess
ExitProcess
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
lstrlenA
ResumeThread
GetPriorityClass
VirtualAlloc
VirtualFree
GetCurrentProcessId
SetLastError
CreateRemoteThread
CreateToolhelp32Snapshot
CreateFileA
CopyFileA
WaitForSingleObject
CloseHandle

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA

user32

FindWindowA
GetWindowThreadProcessId

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE