Static task: static1
Behavioral task: behavioral1
Sample: 6a5b65527824faf518d2278167e0c38c.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 6a5b65527824faf518d2278167e0c38c.exe
Resource: win10v2004-20231215-en
General
Target: 6a5b65527824faf518d2278167e0c38c
Size: 101KB
MD5: 6a5b65527824faf518d2278167e0c38c
SHA1: 925eed824351da03684ad0645d9be4e03cca80d9
SHA256: 798dd57e0d4202ffaee3763b159fdb48fdc44ed7a2941c3bc61d4ad5d783aad8
SHA512: 006a649a03c0da1033f2da8784fdb0d3e26ea00a13ec44bcb4e4db9159c7d43da2924627bf73851e0e2c173ac89ced54315d628ccb2cb2968ef3c33cc1415082
SSDEEP: 1536:MHuofLtPKeUkILuBfQnLOpA1o2xHFNNSLus/D5prlVGulcQOVD5WRLn3MnT:MZ9KxPSeLOpA1RHFNNSjVGue7vWlMnT
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6a5b65527824faf518d2278167e0c38c
Files
6a5b65527824faf518d2278167e0c38c.exe windows:4 windows x86 arch:x86
8c15165234d1e64d47b4c0d14c4428bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExW
RtlUnwind
GetCurrentProcess
VirtualAlloc
ExitProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
QueryPerformanceCounter
GetLastError
TerminateProcess
GetProcAddress
AddAtomW
GetCurrentProcessId
comctl32
CreateMappedBitmap
DSA_Create
ShowHideMenuCtl
ImageList_DragEnter
InitCommonControls
MenuHelp
CreateToolbar
GetEffectiveClientRect
Sections
.textbss Size: - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ