1e58098b2352a7a447371d1f4b19fbaa | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1e58098b2352a7a447371d1f4b19fbaa
Size

67KB
MD5

1e58098b2352a7a447371d1f4b19fbaa
SHA1

7d07e9ffab1708500d78b52e87610d45626192eb
SHA256

06993b2b8e83fa15e9e1a9e8239aede94243b91104135ea799d892a9d767d04e
SHA512

7335f0773f8ab582faaaf072ba4b81048b6ed616cd8d41dda72e0a233250f4edb4a08da78fa2f4bc9ae76c45025693be98c227938d2bad8a9ee8cf88e4393753
SSDEEP

1536:CwOaPqU2jKW9qeuIcXZvgX/9vshK/tzRCmmh3ZKObTZ7cgGtpnHHzgize:C652jw9IcXZYX/9vshKdTsJKGZxIHHzH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1e58098b2352a7a447371d1f4b19fbaa

Files

1e58098b2352a7a447371d1f4b19fbaa
.exe windows:4 windows x86 arch:x86

245f324721374c3ac537e6abfcd42157

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
RegCloseKey
CryptReleaseContext
RegDeleteValueA
DuplicateTokenEx
RegCreateKeyExA
GetUserNameW
RegEnumKeyExA
RegSetValueExA

kernel32

VirtualAlloc
EnterCriticalSection
VirtualProtect
lstrcpyA
GetFileAttributesA
FindClose
HeapAlloc
GetVersionExW
ResetEvent
GetSystemTimeAsFileTime
SetFileTime
FindFirstFileW
GetLocalTime
LoadLibraryA
CreateFileA
GetTickCount
lstrcmpiW
GetModuleFileNameW
lstrlenW
WaitForSingleObject
GetFileAttributesW
lstrlenA
HeapFree

shlwapi

PathRemoveFileSpecW
StrCmpNIW
PathFindFileNameW
SHDeleteKeyA
wvnsprintfW
wnsprintfA
PathCombineW
wnsprintfW
PathFileExistsW
StrCmpNIA

user32

PeekMessageA
GetDlgItemTextA
GetForegroundWindow
ExitWindowsEx
GetKeyboardState
CharLowerBuffA
EndDialog
GetWindowTextA
CloseDesktop
MsgWaitForMultipleObjects
LoadCursorA
GetIconInfo
GetWindowThreadProcessId
OpenWindowStationA
FindWindowExA
SetProcessWindowStation
GetCursorPos
GetMessageA

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE