04a5fd1a624b248dffa07593d3e8ae21 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04a5fd1a624b248dffa07593d3e8ae21
Size

20KB
MD5

04a5fd1a624b248dffa07593d3e8ae21
SHA1

0112cc8d12e8397e09e3aa4a7162f9686eb4b8dd
SHA256

f4b167de4eefbf2f87b5ac440fdbbb3eedf620eda37791d155edb3fb4380af62
SHA512

2d724b24f4470e4e0c67bb555a5e2b6146cf48ef2f2ecb81a09cada06e6f3422e74388762ddec326a17f4ff450acdedd55ce6571b9e646a9683e9bed85fb5f70
SSDEEP

384:9i8cLxP7uFEASGn/5AbaR3nqcMJdPOY3xVQKOK2YbnT:o8cVP7IGapqcMPPOQxGKP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a5fd1a624b248dffa07593d3e8ae21

Files

04a5fd1a624b248dffa07593d3e8ae21
.dll windows:4 windows x86 arch:x86

45fd2dc7a75b6f97911c492361dfe426

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
WideCharToMultiByte
CreateEventA
GetFileAttributesW
lstrcatA
MultiByteToWideChar
GetTempPathW
GetProcAddress
GlobalFree
LoadLibraryA
GetModuleHandleA
lstrcatW
CloseHandle
lstrcpyW
lstrcpyA
lstrcpynA
ReadFile
WriteFile
CompareStringA
RtlUnwind
CreateToolhelp32Snapshot
Process32First
SetFilePointer
lstrcmpA
CreateFileA

user32

EndPaint
DestroyWindow
GetWindowRect
GetFocus
wsprintfA
GetClientRect
RegisterWindowMessageA
wsprintfW
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
GetDlgItem
ShowWindow
CreateWindowExW
IsWindowVisible
SetWindowTextA
EnableWindow
CallWindowProcA
SetDlgItemTextA
SendMessageA

advapi32

RegQueryValueExA
RegCloseKey
RegSaveKeyW

Exports

Exports

cool
feed
plem

Sections

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ