630183426f51f88b169251c834173566 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

630183426f51f88b169251c834173566
Size

137KB
MD5

630183426f51f88b169251c834173566
SHA1

43d7bbe189252615c6f1824c50e5c90f67476831
SHA256

e068dd43e985e29bd8910ae1756875d9cf773321824559f49613107d28ab1dcb
SHA512

b3cf3807b701a06858f598084008875fe5df54c9575000d8ed54b65e386b27e089e28e9b3226fb89d71429429c5490167eec121402fbfd312ed5bfe3d7d16439
SSDEEP

3072:E7wulKu/NSjcMAIRe+i4AOucafZDpXKg:E7RpVSjcMW4CzfZDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
630183426f51f88b169251c834173566

Files

630183426f51f88b169251c834173566
.exe windows:4 windows x86 arch:x86

48a3f7263ab294dfb4838b6814566365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FindResourceA
GetEnvironmentVariableA
LocalAlloc
SetLastError
GetStartupInfoA
SizeofResource
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
GetTickCount
lstrlenA
lstrcmpiA
lstrlenW
GetVersionExA
LoadResource
LockResource
GetModuleHandleA
RaiseException
EnumResourceNamesW
TerminateProcess
ExitProcess
CreateProcessA
GetSystemTimeAsFileTime
InterlockedExchange
LeaveCriticalSection
WideCharToMultiByte
QueryPerformanceCounter
FindResourceExA
GetLastError
GetModuleFileNameA
Sleep
EnterCriticalSection
InterlockedCompareExchange
GetCurrentProcess

shlwapi

PathAddBackslashW

clusapi

CloseCluster

user32

LoadImageA
LoadIconA
LoadStringW
DestroyWindow
CharNextA
GetSystemMetrics
MessageBoxW
UnregisterClassA
CharNextW

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ