Static task: static1
Behavioral task: behavioral1
Sample: 05b28c64af3dcfc72f5216c785593e1a.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 05b28c64af3dcfc72f5216c785593e1a.exe
Resource: win10v2004-20231215-en
General
Target: 05b28c64af3dcfc72f5216c785593e1a
Size: 5KB
MD5: 05b28c64af3dcfc72f5216c785593e1a
SHA1: 8d6106db35507d32aafc503de22cd3839ee27457
SHA256: 0bc098b65cbdb02beff3025b44ffe600d5d9907dfafa8060eb672c5770a0cb84
SHA512: 9e734cee45f304819fd8ea393213dc882f96394abcbdf6ea0c4c337ba41229f394a5505832818b1f2c7f5db07ee92088d4e164fdb229d48db86baa2a09516577
SSDEEP: 96:IEullPCE/voo1kv1qM3BPLEjVAIOVrxmi:Iv1/lGBDrIOVNmi
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: 05b28c64af3dcfc72f5216c785593e1a
Files
05b28c64af3dcfc72f5216c785593e1a.exe windows:4 windows x86 arch:x86
473b1fc399e644141d3d34bd804f747f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
WideCharToMultiByte
GetModuleFileNameW
lstrcatA
CreateToolhelp32Snapshot
Process32First
CompareStringA
WaitForSingleObject
CreateEventA
CloseHandle
GetModuleHandleA
GetProcessHeap
HeapAlloc
HeapFree
ExitProcess
SetEvent
CreateThread
GetProcAddress
ExitThread
user32
IsWindow
GetParent
GetDesktopWindow
DestroyWindow
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
gdi32
SelectObject
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyA
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE