07e845eb3c91e70838bc0763318893a4 | Triage

Sharing

General

Target

07e845eb3c91e70838bc0763318893a4
Size

61KB
MD5

07e845eb3c91e70838bc0763318893a4
SHA1

fc57434084592409e61ae80f268c6e632ffc6790
SHA256

a0d6733a65a0d7136d2ee474a8480469ad89bcbd60c8e638383be5d531310d77
SHA512

d83864c228c975a10c48e62c12f698d270c368670090a80256bad645dd9898915e977c048edaca6bb84b6194dc875a3222df4bf9a82ce225d58f69948b8b0978
SSDEEP

1536:JMkUMNP3Qp8xXB+mKLIHWdxDfdGAszyFIqu16o6W1EGp5V:qFMhu8xx3HWdSuq6KOq5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07e845eb3c91e70838bc0763318893a4

Files

07e845eb3c91e70838bc0763318893a4
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

e5e6a6e0c27954ef5931ac5efd3041fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegEnumKeyExA
RegCloseKey
DuplicateTokenEx
RegQueryValueExA
CryptDestroyHash
RegSetValueExA
CryptAcquireContextW
CryptGetHashParam
GetUserNameW

shlwapi

wvnsprintfA
PathMatchSpecW
PathFileExistsW
SHDeleteKeyA
PathFindFileNameW
wnsprintfW
PathRemoveFileSpecW
wnsprintfA
StrCmpNIW
StrStrW
PathCombineW

user32

CloseDesktop
GetWindowLongA
GetCursorPos
OpenWindowStationA
GetDlgItem
GetForegroundWindow
GetDlgItemTextA
ToUnicode
CloseWindowStation
FindWindowExA
SendMessageA
DispatchMessageA
GetKeyState
GetMessageA
GetKeyboardState
DrawIcon

kernel32

GetFileAttributesW
lstrlenA
VirtualProtect
GetSystemTime
GetTimeZoneInformation
lstrcatW
EnterCriticalSection
FindNextFileW
VirtualAlloc
CreateFileA
SetEvent
GetFileSize
SetFilePointer
Sleep
CreateThread
HeapReAlloc
HeapAlloc
CreateMutexW
GlobalUnlock
OpenMutexW
GetLastError

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE