Static task: static1
Behavioral task: behavioral1
Sample: 128b56f51f19e0caaaad573feca64de8.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 128b56f51f19e0caaaad573feca64de8.exe
Resource: win10v2004-20231215-en
General
Target: 128b56f51f19e0caaaad573feca64de8
Size: 217KB
MD5: 128b56f51f19e0caaaad573feca64de8
SHA1: b4bc73b62105c1eb1cddf11d3a3ff4660df4dd20
SHA256: e7b106783e52c434592bbf871f5b4e1b636ef81626c92db07042311815ac4727
SHA512: 5c18f9cd62ca4d73bfca8029b66accdc176c26b5f6a0fb750fa1d01e873bd5a55cd0606d422f5cd7046286ab871068f9f4b1d14027a99181fd53c3196de1bd0a
SSDEEP: 3072:QTzTVhigdrdKOHEWZRwO7gUAZ1wN+GAlU2ATjP7HjzbU03hu:QTzTvdrUiDU8PA22Ojz3r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 128b56f51f19e0caaaad573feca64de8
Files
128b56f51f19e0caaaad573feca64de8.exe windows:5 windows x86 arch:x86
a0dfc542ced801d4299dc4bb16d6a831
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetSystemMetrics
GetDC
GetDesktopWindow
CharNextA
kernel32
GetLastError
lstrcmpA
QueryPerformanceCounter
GetCommandLineW
IsDebuggerPresent
Sleep
GetModuleHandleW
DeleteFileA
GetCurrentThread
GetUserDefaultLangID
GetTickCount
CopyFileA
GlobalFindAtomW
GetModuleHandleA
GetConsoleOutputCP
MulDiv
GetVersion
GetCurrentThreadId
GlobalFindAtomA
GetProcessHeap
lstrcmpiW
SetCurrentDirectoryA
VirtualAlloc
LoadLibraryW
RemoveDirectoryA
GetStartupInfoA
GetThreadLocale
GetDriveTypeA
GetCommandLineA
GetCurrentProcess
lstrcmpiA
DeleteFileW
GetOEMCP
GetACP
lstrlenA
lstrlenW
SetLastError
GetCurrentProcessId
GetWindowsDirectoryA
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 55KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ