1164ba14a823f15dc455962ab91bccab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1164ba14a823f15dc455962ab91bccab
Size

51KB
MD5

1164ba14a823f15dc455962ab91bccab
SHA1

d0de840dbba0209046eb4ad50737fba18ddeff6d
SHA256

bbfcb0132208c512d32f246d092ee0830fe14fdb777dc770a89a6178c01f257e
SHA512

131d369d1a0c050494d68fa646dc85ed3ce719afa3acd4551a4d80dee1802c255dbefb77dbf2d7a7fd84eaf09039cbd8a7d2912e8b01b541a154e464d432e3c7
SSDEEP

768:JUnp6V/2yBiIeUgd2M4J9P62jm0aBMBcDHDLOjrCphbBfTK17fUT6LzZaWCIeXkU:JjzBjy9D25I/aKfO7cOMWCH0U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1164ba14a823f15dc455962ab91bccab

Files

1164ba14a823f15dc455962ab91bccab
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

b044f2dd7ee22c438a752ac9ec2a9c67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptAcquireContextW
GetUserNameW
RegCreateKeyExA

shlwapi

PathCombineW
PathFindFileNameW
SHDeleteKeyA
StrCmpNIW
StrStrW
wnsprintfA
wnsprintfW
wvnsprintfA
wvnsprintfW

user32

CharLowerBuffA
DispatchMessageA
EndDialog
GetForegroundWindow
GetMenuItemID
GetMessageA
GetWindowLongA
GetWindowThreadProcessId
MsgWaitForMultipleObjects

Sections

.slivqr
Size: 42KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pstax
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vwzkr
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ