01957e0f8432c1a8778821d652aaba3e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01957e0f8432c1a8778821d652aaba3e
Size

7KB
MD5

01957e0f8432c1a8778821d652aaba3e
SHA1

8e2d4d135a8b2b1d69089ee2f4598440a7c34451
SHA256

de3e97eeef8c324ea278ddae24d8438e8277497ee904163b499d8cb5872ef54c
SHA512

c6a826417982cceacfc48ae5fc714289541ebf2ccaf10faf86d2d30dbdf71a7dd55ef8b6dcfa369bcd2dd8c8d069354579bc68124fc7b92b2c07071def995585
SSDEEP

192:EZtw/lMM2O/MXpX+mpF5+RNSSz6eJA2xG7W:6m/AXpOLRNSSOeK2xG7W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01957e0f8432c1a8778821d652aaba3e

Files

01957e0f8432c1a8778821d652aaba3e
.exe windows:4 windows x86 arch:x86

e8f71460b53e83d8dd8791bafd853851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
lstrcpyA
GetACP
CreateProcessA
GetStartupInfoA
GetCurrentProcess
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
GetProcAddress
FreeLibrary
CancelIo
LoadLibraryA
GetThreadPriority
lstrcatA
MoveFileExA
CloseHandle
CreateFileA
lstrlenA
GetTempFileNameA
CreateDirectoryA
Sleep
lstrcmpiA
DeleteFileA
ReadFile
SetFilePointer
GetFileSize
GetSystemDirectoryA
GetModuleFileNameA
GetTempPathA
GetShortPathNameA
GetLastError
CreateMutexA
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
WriteFile
ExitProcess

user32

GetTopWindow
SetActiveWindow
GetActiveWindow
wsprintfA
GetCapture

gdi32

CreateCompatibleDC
CancelDC
GetBkMode
GetBrushOrgEx
CreateCompatibleBitmap
GetBkColor

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE