63c4e1c8474d9a7f139bc0c57e3beb5f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63c4e1c8474d9a7f139bc0c57e3beb5f
Size

162KB
MD5

63c4e1c8474d9a7f139bc0c57e3beb5f
SHA1

1df35080dc2b858ace80e7deec618d6093d63bd0
SHA256

73e579acf24438f581855307d9ec1be2d2a986501d43845ed0ca4ed71c66175a
SHA512

c8b083b2fb7d304f9750b8a4ab5130445ec05805d56c3ab8d11c46a2425cb21379e0cd696427bda3e73778f2bbf6294ee07ec8a097a95c2ad6578821d0725ec7
SSDEEP

3072:PvF2KGJb1yTHHJq0oKI7i5sdFKhfh/ZVY5Fphz808I1BAfgfmhrVQpzqx:V2DB1yTHXem5EEhfKQ0L1BLfm9VQpzqx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63c4e1c8474d9a7f139bc0c57e3beb5f

Files

63c4e1c8474d9a7f139bc0c57e3beb5f
.exe windows:4 windows x86 arch:x86

dca59c4f7827725ad37cbb439b67c1f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

user32

CharUpperA
GetKeyState
wsprintfW
MessageBoxA
wsprintfA
CharNextA
GetTopWindow
CharLowerA

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

SetEndOfFile
GetThreadIOPendingFlag
WideCharToMultiByte
CreateFileW
LoadLibraryA
CreateMutexA
InterlockedIncrement
TransmitCommChar
FlushFileBuffers
MultiByteToWideChar
GetTempPathW
SetStdHandle
EnumResourceNamesW
GetModuleFileNameA
InterlockedDecrement
GetProcAddress
FreeLibrary
CloseHandle
LoadLibraryW
ExitProcess
IsBadReadPtr
CompareStringW
GetLastError
CompareStringA
WriteFile
SetEnvironmentVariableA

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ