05a8b49ba4c96d376f06aca2191859cc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05a8b49ba4c96d376f06aca2191859cc
Size

12KB
MD5

05a8b49ba4c96d376f06aca2191859cc
SHA1

2f5c9a14b0f9b96d852cc09ff03744e959cdb266
SHA256

f1d4eef186153095a63a8e643fc715bf2c4eb4f8019cff156151c39138eb1d9a
SHA512

45dabe3d3e76e32293a2e3a8c438b4b72b4049ec5d30f83c4d4452bb2c66c073fc997a3ce8a54bb11cde11e53dfa84d1dfde156190574592cb19af230384e244
SSDEEP

192:Y3Xv0pAoq3oDUSf0+lBtAFxLYFpuJCx4oeS90iktDwb82cESWS2:HAoq3kfTlBwLYFpurS90ikxwuESWS2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05a8b49ba4c96d376f06aca2191859cc

Files

05a8b49ba4c96d376f06aca2191859cc
.exe windows:4 windows x86 arch:x86

93183f35d523ce8dd3906d99e403033d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetShortPathNameA
GetTempPathA
lstrcpyA
GetModuleHandleA
GetCommandLineA
CloseHandle
DeleteFileA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleFileNameA
GetFileAttributesA
GlobalFree
GlobalAlloc
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GetSystemDefaultLCID
GetVolumeInformationA
GetWindowsDirectoryA
lstrlenA
LocalFree
ExitProcess
GetProcessHeap
GetEnvironmentVariableA
HeapAlloc

user32

wsprintfA
CharUpperA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ