fe61274f929c16ef5e8c7c25f6e51070 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fe61274f929c16ef5e8c7c25f6e51070
Size

297KB
MD5

fe61274f929c16ef5e8c7c25f6e51070
SHA1

c7cf55ac32ec4633d9568d0968e257dd5459f913
SHA256

57b0131d358fb793dfc6bee610cd427e30c30a8b4ccd9401fff9b47b0cf325ff
SHA512

0ee739d64585d5a00c963280c3828bd2aeff3a9a094e55ece497285bcccab38f0a4022ec6dc33d38611f4caabbe56c66f8451516b7dc6165d0e0560e32606089
SSDEEP

6144:fMbd6wzNfupt+PflkG1FUT55HP/rNtFgMFE66z8N0NZy2vUqg/MA:f2x5ctYflkYFUT55r/FgMFez8yHRM/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe61274f929c16ef5e8c7c25f6e51070

Files

fe61274f929c16ef5e8c7c25f6e51070
.exe windows:4 windows x86 arch:x86

37f1643ea0e68c1ed733ae9c17f7f697

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
CloseHandle
GetComputerNameA
GetModuleHandleA
SetEvent
GetSystemTime
CreateFileA
GetCommandLineW
SetLastError
FindAtomA
ResetEvent
GetExitCodeProcess
CreateThread
GetDiskFreeSpaceW
GetTickCount
SuspendThread
GetFileAttributesA
HeapCreate
LocalFree
LoadLibraryW

advapi32

RegQueryValueA
RegDeleteKeyA
RegEnumValueA
IsTokenRestricted
RegCreateKeyExA
CloseEventLog
RegCloseKey
GetFileSecurityA
CreateServiceW
RegEnumKeyExA
CredFree
GetLengthSid
GetUserNameW

cryptui

CryptUIDlgSelectCA
LocalEnroll
WizardFree
CryptUIDlgCertMgr
CryptUIDlgSelectStoreA

powercfg.cpl

CPlApplet

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ