144a957bce70edafd542bdbd31615ba6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

144a957bce70edafd542bdbd31615ba6
Size

65KB
MD5

144a957bce70edafd542bdbd31615ba6
SHA1

b622b15713429451d32eec11061f6a1fc643ff4c
SHA256

79d4b7ad118e0ee60aea94e6b6890a9720b658daebff89227e45bfd72b5f80e4
SHA512

4d4df0112fb5674d370a2c6ba7fb6970b36c72505eec461aa7033c2a2b1c04bcf77598d30b9e8d193f2df8353cffabd0708023fa973af889858c0333be74f15e
SSDEEP

1536:VlDmFRZKFtI0Blpxh+QOhV5+JCKX5bzrIB14KBw2ROCIO:VkFRAvXBDd6Kc14Z0OCIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
144a957bce70edafd542bdbd31615ba6

Files

144a957bce70edafd542bdbd31615ba6
.exe windows:4 windows x86 arch:x86

af48b4099540dc99fe51b0a09f730edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

PeekMessageA
FindWindowExA
GetIconInfo
EndDialog
GetKeyboardState
GetWindowThreadProcessId
ExitWindowsEx
SendMessageA
CloseDesktop
SetThreadDesktop
GetCursorPos
CharLowerBuffA

shlwapi

PathMatchSpecW
PathCombineW
StrCmpNIW
wnsprintfA
PathRemoveFileSpecW
PathFindFileNameW
wnsprintfW
SHDeleteKeyA
StrCmpNIA

kernel32

GetFileSizeEx
VirtualAlloc
VirtualProtect
lstrlenW
GlobalLock
MultiByteToWideChar
GetSystemTimeAsFileTime
GetFileAttributesA
GetTimeZoneInformation
GlobalUnlock
ExpandEnvironmentStringsW
WaitForSingleObject
GetFileAttributesW
GetCommandLineA
CreateFileA
FindNextFileW
FindFirstFileW
GetLocalTime
lstrcatA
CreateEventW
CreateThread
CreateProcessW

advapi32

RegCloseKey
DuplicateTokenEx
CryptHashData
CryptReleaseContext
GetUserNameW
RegEnumKeyExA
CryptAcquireContextW
RegQueryValueExA
CryptCreateHash
CryptDestroyHash
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE