5e49b6a80808e80f56af11d1606cd449 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e49b6a80808e80f56af11d1606cd449
Size

263KB
MD5

5e49b6a80808e80f56af11d1606cd449
SHA1

3822473352d265a216cdebc52d5aea4c986d4136
SHA256

3d3d64abf244b335d4235c4b0e12cab016a25ec1b911e8c2404b9dfe4861e075
SHA512

5d745718cd9660c82a189f95fe35d3b6c6caea963153c534d24ad69e0f2c566ea6cd8d871dfc24c6f7bac70a7f9212920135b9abe4eb28fdd48a06f499864177
SSDEEP

6144:R0/Gzi9prygRnjjcrgC1Ww0c1v0Lb6/abI1gZWIXHkYtsxEW:YGzizXcrgx/S8LbWXgZWKHTe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e49b6a80808e80f56af11d1606cd449

Files

5e49b6a80808e80f56af11d1606cd449
.exe windows:4 windows x86 arch:x86

ea65d725c27eb968a8ae00d270bc5e15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

GetCurrentThreadId
CloseHandle
TerminateProcess
HeapFree
lstrlenA
lstrlenW
HeapSize
IsDebuggerPresent
WideCharToMultiByte
GetStdHandle
InterlockedExchange
HeapAlloc
GetTickCount
GetModuleHandleA
MultiByteToWideChar
SetUnhandledExceptionFilter
WriteFile
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcess
UnhandledExceptionFilter
EnumResourceTypesW
GetACP
HeapFree
GetStartupInfoA
GetCurrentProcessId
GetThreadLocale
GetEnvironmentVariableA
HeapDestroy
InterlockedCompareExchange
CompareFileTime
LocalAlloc
HeapReAlloc
RaiseException
SystemTimeToFileTime
LoadLibraryExW
Sleep
GetSystemTimeAsFileTime
CreateProcessA
GetLocaleInfoA
GetSystemTime
GetProcessHeap
CreateFileW
lstrcpynW

oleacc

LresultFromObject
AccessibleObjectFromEvent

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ