649a1bb6c2a5058142ec53431a30ff2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

649a1bb6c2a5058142ec53431a30ff2d
Size

112KB
MD5

649a1bb6c2a5058142ec53431a30ff2d
SHA1

84fe23675000c51dcf4801779a5ff1d59509152b
SHA256

e9154b8ab60939fb1bcacb71ac4a1e01385d117eb8ee3675b8a522f07542836f
SHA512

0eab4ba7804df3ce3e7ceedd54c09232324fd63ae6ad4c98c540a4a5c38e546df37d2f248fb747e3f2fc9d8533b277d15bec1a0e4468a78a2b1c9f2fc814559c
SSDEEP

1536:EEw1w8rRUQmlThtCkq0r0pPcp0sXOsRlHLxxf3ML/Hm:EEMrGQYnHq0TOsRBxx0rHm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649a1bb6c2a5058142ec53431a30ff2d

Files

649a1bb6c2a5058142ec53431a30ff2d
.exe windows:4 windows x86 arch:x86

f298c0908b12ac37cb62b2d702ee56f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
HeapFree
GetLogicalDriveStringsA
UnlockFileEx
GetCurrentThreadId
GetPrivateProfileSectionNamesW
VirtualAllocEx
GetCommandLineW
DisconnectNamedPipe
EnumResourceNamesA
GetCurrentProcess
IsSystemResumeAutomatic
DeleteTimerQueueTimer
ExitProcess

user32

LockWindowUpdate
LoadBitmapW
DragObject
CharToOemBuffW
GetMenuItemID
ImpersonateDdeClientWindow
DispatchMessageA
SetScrollInfo
GetDCEx
GetAppCompatFlags2
InvalidateRect

gdi32

SetBoundsRect
PolyTextOutA

Sections

.text
Size: 100KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbbs
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ