f78fe76d7a6f4a70071c6ef6c9d79857 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f78fe76d7a6f4a70071c6ef6c9d79857
Size

166KB
MD5

f78fe76d7a6f4a70071c6ef6c9d79857
SHA1

a990ed3039b2b192a8804a4dc3c1a0fa3bcc4f89
SHA256

5c1f19888a4d787274b337a26985f8724835fd25e2100f9e498faf68802c77ac
SHA512

7d42beb61c06103b197d99ad0713631675eecad0f23a4fa7e595c716b7f323ec798d09197c10921e829835f7a912a7baf283561a2d3cb0540e564849522508e0
SSDEEP

3072:3NE2c4clEnZNCjOeIaTy06FEZhpa1k8cd4SgqxH65rhRMOIM:3NE2lmOeIaTy06FEBvZSFIM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f78fe76d7a6f4a70071c6ef6c9d79857

Files

f78fe76d7a6f4a70071c6ef6c9d79857
.exe windows:4 windows x86 arch:x86

2f8b5e655ef7457662700970926e29ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
LoadLibraryA
MulDiv
GlobalGetAtomNameA
GetPrivateProfileIntW
GetProcAddress
Sleep
FindFirstFileW
GetModuleFileNameW
DeleteCriticalSection
MultiByteToWideChar
lstrlenW
WritePrivateProfileStringW
EnumResourceTypesA
LoadLibraryW
GlobalSize
GetTickCount
GetDllDirectoryW
LockResource
GetModuleHandleW
FindClose
GetVersionExW
LoadResource
GetVersionExA
FreeLibrary
GetPrivateProfileStringW
GetLocaleInfoW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shell32

DllGetVersion
ShellExecuteExW
SHGetFileInfoA
SHBrowseForFolderA
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
SHFileOperationW
SHGetPathFromIDListA
ShellExecuteExA
Shell_NotifyIconA

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ