1eee044b2e37022f7865ae82c3b2ed93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1eee044b2e37022f7865ae82c3b2ed93
Size

67KB
MD5

1eee044b2e37022f7865ae82c3b2ed93
SHA1

867e2f44f16dc229211af2d4c0edcab2e79b4794
SHA256

2a32743d35d8b7733812a3c1363409ff1b67320ddb2487b434cf108aa4478f63
SHA512

edba79e70cd7ceb4647a006c2fbbb7caa0d8265ccfad83fa8e322ff7dd0e26dbf6e4b1ba87ac10bc8b143790b21393588f6950ab402cb7583efa29831a845bd2
SSDEEP

1536:2w4MA22OUXUKXS96dgGtB8UV2MdeObISF5btdEtGE:2wf2XM96CGtCuUSF5bctGE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1eee044b2e37022f7865ae82c3b2ed93

Files

1eee044b2e37022f7865ae82c3b2ed93
.exe windows:4 windows x86 arch:x86

23295a06d6dbed232e49e50275d2ac32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
FindFirstFileW
WaitForSingleObject
VirtualProtect
GetCommandLineA
EnterCriticalSection
HeapReAlloc
GetModuleFileNameW
GetSystemTime
GetTickCount
Sleep
VirtualAlloc
LoadLibraryA
GetFileAttributesA
lstrcpyW
GetFileAttributesW
CreateEventW
lstrcpynW
CreateMutexW
ExpandEnvironmentStringsW
GetFileTime
FindNextFileW
GetModuleFileNameA
GetLastError
GetProcAddress
HeapFree
SetFileTime
HeapAlloc

shlwapi

wnsprintfA
StrCmpNIW
PathCombineW
PathFileExistsW
SHDeleteKeyA
PathRemoveFileSpecW
wvnsprintfW
PathFindFileNameW
StrStrW
StrCmpNIA
PathMatchSpecW

advapi32

RegQueryValueExA
RegSetValueExA
CryptCreateHash
CryptDestroyHash
GetUserNameW
CryptAcquireContextW
RegCreateKeyExA
RegDeleteValueA
CryptHashData
RegEnumKeyExA
DuplicateTokenEx

user32

SetProcessWindowStation
OpenWindowStationA
LoadCursorA
DrawIcon
GetKeyState
PeekMessageA
GetMessageA
GetWindowThreadProcessId
GetClassNameA
CharLowerBuffA
GetWindowTextA
GetDlgItem
GetKeyboardState
DispatchMessageA

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE