6c133e7b1f14610554e80c8fa5b95171 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6c133e7b1f14610554e80c8fa5b95171
Size

45KB
MD5

6c133e7b1f14610554e80c8fa5b95171
SHA1

f89807d70d9e7148282bdd4e931ff05f595aeaca
SHA256

ae43d3442324184708b4836343e71b8b28d20e37a940d29dc76f3d389b1ce067
SHA512

698009128fe3f4ee6ffe12e9df4cc061d3aa1de1da804a776dc1d41bebdab24b1d670a855cc505b221105d6b5d21f5befb87ce30b96cc742acedf511033a0e1b
SSDEEP

768:kwTVd/b99jhEhVftVEPd/aBB8riAvjHzRz3VQT1QzphY6ONzb6g99b7HQj:kKbz9nEhVfTEpaBBCtz3OT4puNz7M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6c133e7b1f14610554e80c8fa5b95171

Files

6c133e7b1f14610554e80c8fa5b95171
.exe windows:4 windows x86 arch:x86

29d4d9a4e535bff721362e89820bef9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 40KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE