03a1dc0240ead69dcdcf4385f76c799d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03a1dc0240ead69dcdcf4385f76c799d
Size

448KB
MD5

03a1dc0240ead69dcdcf4385f76c799d
SHA1

03ee4ec26123c42b5b12165a02cb9cd4818121f0
SHA256

de5412b8bb0a8ba116c454e64ab1fe79359f2b8688105ee875be09bb14df3121
SHA512

f70f33be2c65de9fbf5b984de5a90ecd84e64b23734532b1e2bb1831091e7409163f662459171b97343654536b481fe43f06bd86cd51ac2601ef8ebe4aa0eb1e
SSDEEP

12288:kl7rzbd44BCNNdR0otecIdygfkyXN6V11:ktrNsPdR1wyGNM11

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03a1dc0240ead69dcdcf4385f76c799d

Files

03a1dc0240ead69dcdcf4385f76c799d
.exe windows:5 windows x86 arch:x86

b59c588cc2ca5173d89cdb7f10f06534

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExA
CryptGetHashParam
GetUserNameW
CryptDestroyHash
CryptAcquireContextW
CryptHashData
RegCloseKey
CryptReleaseContext
RegQueryValueExA

shlwapi

wvnsprintfW
SHDeleteKeyA
wnsprintfW
PathMatchSpecW
PathFindFileNameW
PathFileExistsW
wnsprintfA
PathRemoveFileSpecW
StrCmpNIW
StrStrW

kernel32

WaitForSingleObject

Sections

.qtuz
Size: 39KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.odsdyn
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wzcf
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ