5621ed4774383a58837070cebd6a6e6f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5621ed4774383a58837070cebd6a6e6f
Size

60KB
MD5

5621ed4774383a58837070cebd6a6e6f
SHA1

efa9da600767551a83a6478e9c77a40e64c6ce7d
SHA256

7b990addc3d00df632e6c37559129959d5cd97d9b1d05d5e4ac76fd7cba5e82a
SHA512

6cd2fc42362119dd821c71601bc97fb97c1b27739993fd088b1f0ae25d15bed41bdc3f23657b3956b34be759d4c1fd50af151517dd1becdda7550cc66167cf47
SSDEEP

1536:YCWU10Pzt7kS2I0tWaC6T7KcPeK0JIckNGE+heAj:Eg0PztQJtFd2cKJWNqeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5621ed4774383a58837070cebd6a6e6f

Files

5621ed4774383a58837070cebd6a6e6f
.exe windows:4 windows x86 arch:x86

3f7de5c91d713a0602e9224c84d4134e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetClassNameA
GetKeyboardState
OpenDesktopA
GetIconInfo
GetWindowTextA
SendMessageA
CloseWindowStation
GetDlgItem
SetThreadDesktop
LoadCursorA
GetCursorPos
OpenWindowStationA
PeekMessageA

shlwapi

PathFileExistsW
PathCombineW
wnsprintfW
PathFindFileNameW
PathMatchSpecW
wnsprintfA
wvnsprintfW
SHDeleteKeyA

advapi32

CryptGetHashParam
CryptAcquireContextW
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
CryptReleaseContext
GetUserNameW
CryptHashData
RegSetValueExA
DuplicateTokenEx
CryptCreateHash

kernel32

GetModuleFileNameW
lstrcpyW
SetFileTime
VirtualProtect
GetFileAttributesW
GetLastError
FindFirstFileW
WideCharToMultiByte
CreateFileA
GetProcAddress
VirtualAlloc
EnterCriticalSection
CopyFileW
GetUserDefaultUILanguage
ExpandEnvironmentStringsW
GetModuleHandleA
FindResourceW
lstrcatA
FindNextFileW
GetVersionExW
ResetEvent

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE