1fea50012080720b90ca4a8e84d7255e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1fea50012080720b90ca4a8e84d7255e
Size

19KB
MD5

1fea50012080720b90ca4a8e84d7255e
SHA1

448e77d96cfc8b68f065b34d99698a19c4347025
SHA256

c96190741091bf1ebb2401201355a5c3ebf91bfa8f27a15a434f9fc615f5a602
SHA512

37ad1d77fe81a2dac07833b6eb351bb16d154532c435a513dd50a6f412ab2b04a653d392fb0d16f1a5bb34d54b09bff994e00d1d622340da7648db632ceb251a
SSDEEP

384:qamU2pZWg6TlDjhLeUBBX24zPjucK5cjK3kLeNVtJYct85AOIeuulnfWjvOeo:qZw9lD1LeUBBmcKyI2atYct7Nerln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1fea50012080720b90ca4a8e84d7255e

Files

1fea50012080720b90ca4a8e84d7255e
.exe windows:4 windows x86 arch:x86

52691cf99b428b33a3d9731ba9a81899

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetTempPathA
lstrcpyA
CloseHandle
lstrcatA
WaitForSingleObject
CreateEventA
GetProcessHeap
SetFilePointer
CreateFileA
lstrlenA
GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
ExitProcess
WriteFile
GetProcAddress
CreateThread
SetEvent
ExitThread
GetVersionExA
RtlUnwind

user32

wsprintfA
DispatchMessageA
SetThreadDesktop
ShowWindow
PeekMessageA
TranslateMessage
CreateDesktopA
MsgWaitForMultipleObjects
DestroyWindow
CharToOemA
IsWindow
GetTopWindow
CreateWindowExA

advapi32

RegCreateKeyExA
RegCloseKey

shell32

SHGetFolderPathA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ