1ed1d899561e79488132cd59dfd2d3b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ed1d899561e79488132cd59dfd2d3b4
Size

67KB
MD5

1ed1d899561e79488132cd59dfd2d3b4
SHA1

e0d1ee1cd5d0cc0202d1321ef4e89471a4e816e7
SHA256

3bbd555366e82b419626a5c8f3e817f1710e8194f05490377b86e79122512c92
SHA512

4ad153a7cc353a67178bd2daa1eecc631b4ceddc9800c1c8a696a9750f921f5ec258f2bc406f5fb810ca77fdf9b9a14b0582715132fdd1ccce7dba16c4d4f3a9
SSDEEP

1536:lnvRU3fdXV9Bou+RkELMc/IAzEs5rnrOm44:BvMdXBXj4bNl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ed1d899561e79488132cd59dfd2d3b4

Files

1ed1d899561e79488132cd59dfd2d3b4
.exe windows:4 windows x86 arch:x86

67c8f699c093781ef093c2806abddae4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDestroyHash
RegEnumKeyExA
CryptHashData
RegDeleteValueA
CryptGetHashParam
RegCreateKeyExA
CryptReleaseContext
RegSetValueExA
GetUserNameW
DuplicateTokenEx
CryptCreateHash

kernel32

GetFileAttributesA
GetVersionExW
LeaveCriticalSection
GetTickCount
VirtualAlloc
GetSystemTime
GetFileAttributesW
FindNextFileW
GetUserDefaultUILanguage
SystemTimeToFileTime
GetProcAddress
WideCharToMultiByte
EnterCriticalSection
GetLocalTime
ExpandEnvironmentStringsW
InitializeCriticalSection
GlobalUnlock
VirtualProtect
GetModuleHandleA
lstrcatA
FindResourceW
GetFileSizeEx

user32

GetWindowThreadProcessId
MsgWaitForMultipleObjects
OpenWindowStationA
PeekMessageA
GetClipboardData
DispatchMessageA
GetClassNameA
SetProcessWindowStation
SendMessageA

shlwapi

StrCmpNIA
SHDeleteKeyA
wvnsprintfA
wnsprintfA
PathCombineW
PathFindFileNameW
StrStrW
wvnsprintfW
wnsprintfW
PathMatchSpecW
PathRemoveFileSpecW

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE