5d7fa359a37f6314f6958e0595137afd | Triage

Sharing

General

Target

5d7fa359a37f6314f6958e0595137afd
Size

332KB
MD5

5d7fa359a37f6314f6958e0595137afd
SHA1

72de952cf310b7b6b00702403ea97b7045eaea95
SHA256

2e6816bd72cbf424d834d94f55a9f88a65c42b75ce7886e36ff6ea7e4fbf1966
SHA512

31d6609cb0cb5912a961b1e6904efa05a4a92fe4def1e35636ab4a43853bf454d52b80969225cc96f5e0cf6ec043ca7c9eac9ec4ec0d5ddbaa1e5a60a731fc3d
SSDEEP

6144:1br1orZQK109h9E2qpknqXinCOFsVqFkOxOI74okJ3uCPrYcU/+:1b2l91w6L8IVckOxxoD8/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d7fa359a37f6314f6958e0595137afd

Files

5d7fa359a37f6314f6958e0595137afd
.exe windows:4 windows x86 arch:x86

7c6ba425d451308da2ec2a923887b6fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetModuleHandleA
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
CreateThread
GetCurrentThreadId
VirtualProtect
GetCommandLineA

user32

CloseWindowStation
GetThreadDesktop
CreateDesktopA
SetThreadDesktop

advapi32

RegConnectRegistryA
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegQueryInfoKeyA
SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
RegEnumKeyExA
InitializeAcl

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitialize
CLSIDFromString
CoGetMalloc
StringFromCLSID

msvcrt

_XcptFilter
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_controlfp
__set_app_type
__p__fmode
memset
malloc
free
_except_handler3
_exit
_acmdln
exit
__p__commode

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 615KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ