201bd27cfd553f5770a91c1d59bd32d0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

201bd27cfd553f5770a91c1d59bd32d0
Size

151KB
MD5

201bd27cfd553f5770a91c1d59bd32d0
SHA1

4537f257fda90b107c8bf2fc085a12d64a65f0a1
SHA256

9835926725c35a87d8ccc0a89399bedf07b95664db70c5b78766c6c7b6e88993
SHA512

d59e51b69ad4e4318dce19cc29a8706a9d90aa53e9858e51a93cc95270eb169a0585ed934ba45ff59c821b7d2d6ee3339688da1d8105feb22da623de181b49b8
SSDEEP

3072:d4TSbPpzCkV9H1NTGCblV+ZfRjrK+xI4i9cyu5S7Z1d/:weokVz1JblV+bjZieyu4Pd/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
201bd27cfd553f5770a91c1d59bd32d0

Files

201bd27cfd553f5770a91c1d59bd32d0
.exe windows:4 windows x86 arch:x86

3cf19d7eaa6ae6aa85eef88f5862cc5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
GetKeyboardType

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
DeleteCriticalSection
TlsSetValue
WinExec

advapi32

RegQueryValueExA

urlmon

HlinkNavigateString

Sections

.text
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE