550634441c3ba6f9fea4c67b37b59a2a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

550634441c3ba6f9fea4c67b37b59a2a
Size

248KB
MD5

550634441c3ba6f9fea4c67b37b59a2a
SHA1

04420d782186744ca31e9ae63c91a4e395f77fb8
SHA256

e01b0a0352e75c54affc79571bfe05711a050eb513bb24ef3a00fc25a944a63e
SHA512

3928f21360223eb26fae4b7a49f7891e99f3920be7d34def8b0814e051047526c9ba3ffae9a968816bbabdaff5dd9c2cdef2b80769108626ef52c4547cf1a872
SSDEEP

6144:G0XpwsW9z8WpmJBjo/+XPxI/GUTRWLtM:ZX7Wh8CmJBjo/+XZI+EWLtM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
550634441c3ba6f9fea4c67b37b59a2a

Files

550634441c3ba6f9fea4c67b37b59a2a
.exe windows:4 windows x86 arch:x86

1ee3ded87198279942663186f9f6bb0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetCommandLineA
SwitchToThread
GetFileAttributesW
TlsGetValue
GetThreadLocale
DeleteFileA
SetEndOfFile
IsDBCSLeadByte
lstrcpyA
GetSystemDefaultLCID
AllocConsole
TlsSetValue
GetUserDefaultLCID
GetOEMCP
FindResourceExA
GetCurrentThreadId
TlsFree
VirtualAlloc
GetModuleFileNameA
GetModuleHandleW

user32

GetWindowTextLengthA
ValidateRect
InvalidateRect
GetFocus
GetWindowLongA
GetWindow
GetWindowTextA
GetActiveWindow
GetDC
RegisterClassA
GetClassInfoExA
CloseWindow
IsIconic
ReleaseDC
GetSystemMetrics
ReleaseDC
ShowWindow
IsWindowVisible
GetForegroundWindow

version

VerFindFileA
VerQueryValueA
GetFileVersionInfoA
VerInstallFileA
GetFileVersionInfoSizeA
VerLanguageNameA

msctf

DllGetClassObject

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ