7706819ba2800198ddd7f741ff206b29 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7706819ba2800198ddd7f741ff206b29
Size

132KB
MD5

7706819ba2800198ddd7f741ff206b29
SHA1

b918c538a8bea9b7f51bddd5d8e40f7e10869aa3
SHA256

e33feceac1e1ea8278c814b3be74771e39618b37ac912828d6b3aa707636cf60
SHA512

f11c49b6bbf8149baeaf9010e654f2bfe0e9e5fa1dd65350632f12c4836a81027a008e49f967784d68862c9453b0cc0c1e875f0d7dd7eb5197bd62005719d74b
SSDEEP

3072:7NcpTWrsLMdbugwEXWK4+K/rL6Is/off3MqTneqmQcPsS9S:BfrsL0TwY4BiTAfvZejQ9S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7706819ba2800198ddd7f741ff206b29

Files

7706819ba2800198ddd7f741ff206b29
.exe windows:4 windows x86 arch:x86

55806054395f8e419bd51c3df25d24a2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
UnmapViewOfFile
ClearCommError
ReadFile
DuplicateHandle
FindClose
ReleaseMutex
ClearCommError
MapViewOfFile
SetFilePointer
GetExitCodeProcess
FindResourceExA
SetLastError
EnumResourceNamesW
QueryPerformanceCounter
ExitProcess
GetModuleFileNameW
CreateProcessW
CreateMutexA
ReadProcessMemory
CreateFileMappingA
ExitProcess
GetStartupInfoA
LocalSize

user32

SetTimer
LoadStringA
PeekMessageA
GetWindowThreadProcessId
CharNextA
GetMessageA
IsWindowVisible
EnumWindows
MessageBoxA
KillTimer
wsprintfW
GetWindowTextA
PostThreadMessageA
CharUpperA
DispatchMessageA
wsprintfA

rpcrt4

RpcBindingFromStringBindingA
NdrClientCall
RpcStringBindingComposeA
RpcBindingSetAuthInfoA
RpcStringFreeA

shlwapi

PathFindExtensionA

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ