Static task: static1
Behavioral task: behavioral1
Sample: 5de55d0b24d42977d3f746810b690f84.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5de55d0b24d42977d3f746810b690f84.exe
Resource: win10v2004-20231215-en
General
Target: 5de55d0b24d42977d3f746810b690f84
Size: 256KB
MD5: 5de55d0b24d42977d3f746810b690f84
SHA1: bc842a6ca5fce675143e7e9515c02d8157a23f71
SHA256: bddd2e9fc0e8527aba4d7942105f6a3ce06279e0fca4a1084bd376d9b889eb85
SHA512: a1b3c5b6a98e6c76388dea36fdc2f1e22be7bcc638cd2dbb659ca84ed174e472864c2e2917368e79dd992a20846b6017b1bd399b411f7f1c96f929bdbfb7903f
SSDEEP: 6144:fyx7wF1Pf34Vjs0MU/3ZLJ7sc1X03tEjcW:ax7SPAyq3Z2cgicW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5de55d0b24d42977d3f746810b690f84
Files
5de55d0b24d42977d3f746810b690f84.exe windows:5 windows x86 arch:x86
12c9514a5f952b659d1f7433440ffc16
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
WriteFile
CreateFileA
GetSystemTime
lstrcatA
GetTickCount
lstrcpynA
lstrlenA
GetModuleFileNameA
GetLocalTime
GetProcAddress
GetModuleHandleA
GetLastError
GetTempPathA
GetVersion
FindAtomA
WaitForSingleObject
CreateProcessA
lstrcpyA
GetTempFileNameA
lstrcmpA
ExitProcess
RtlUnwind
VirtualQuery
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
user32
InflateRect
GetCursorPos
wsprintfA
ClientToScreen
IsWindowVisible
GetFocus
GetWindowRect
GetCaretPos
EqualRect
shlwapi
SHGetValueA
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 242KB - Virtual size: 243KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE