61f365ce49e018b99033936d4f8b764e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61f365ce49e018b99033936d4f8b764e
Size

235KB
MD5

61f365ce49e018b99033936d4f8b764e
SHA1

014871c9a7988913554d285cd96969405b9c5541
SHA256

715536c3e98a53c1b53d037027dc7989554363186d208493baa7efdab1b08c72
SHA512

3a9d164f47a4d5531f59e26eb4b3aeb19d9c9c33cb150a6e7e1fceb267ad37360e4681b5d0042c7daf908eb72e233fa3f86aca6ed4e40378273ddbdff1d60233
SSDEEP

6144:kDIVFmUQTA7Acll2AlFQ9eeYlDOiCT1tyo:fzmUQRA4eHDOie

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61f365ce49e018b99033936d4f8b764e

Files

61f365ce49e018b99033936d4f8b764e
.exe windows:4 windows x86 arch:x86

d6124e49e53c7c04f5ef51ae1527b684

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
IsBadReadPtr
GetCommandLineW
ExitProcess
GetModuleHandleW
WideCharToMultiByte
GetCommandLineA
GetLastError
GetModuleHandleA
VirtualAlloc
lstrlenA
ExitThread
GetProcAddress
LoadLibraryA
MoveFileA
WaitForSingleObject

gdi32

RestoreDC
SetBkColor
CreatePalette
SaveDC
CreateFontIndirectA

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

msvcrt

wcstol
malloc
memcmp
atol
strcmp
time
tan
swprintf
clock

ole32

CreateBindCtx
CLSIDFromProgID

advapi32

RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ