13702aed72ea1ff71d1d1dbb34e6c702 | Triage

Sharing

General

Target

13702aed72ea1ff71d1d1dbb34e6c702
Size

277KB
MD5

13702aed72ea1ff71d1d1dbb34e6c702
SHA1

554200b8dc5ecd6163c34dbd1cf0e16b5db9a70f
SHA256

9d22ef043e32f4d2da2c9569f2d08e3948d05b2eaad78d5d548901ae5e3ca340
SHA512

ac2ff3b31276e2573ccd5d8edce2b243cf53e374ec6e233046ce54eb8f17481e7f3621efe6fc2f8078364f886013673ce52c9e052fbbf83d022296360918ba84
SSDEEP

6144:stc7ssLujc3QOPni+hjWDOUejDUjlTkaWdgNi8lKZAVjMc:RZLujFO/9jWDxlkL6i8KAd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13702aed72ea1ff71d1d1dbb34e6c702

Files

13702aed72ea1ff71d1d1dbb34e6c702
.exe windows:4 windows x86 arch:x86

c5477197e41b72389dc9aa24252fee3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
CompareFileTime
GetStdHandle
HeapReAlloc
GetProfileIntA
lstrlenA
CloseHandle
WaitForSingleObject
VirtualProtect
LoadLibraryA
GetConsoleCP
TlsFree
GetAtomNameA
FindAtomA
InterlockedExchange
GlobalUnlock
TlsGetValue
GetTickCount
HeapWalk
GetACP
GetModuleHandleA

user32

UpdateWindow
LoadIconA
TranslateMessage
EnableScrollBar
GetMenu
EqualRect
ShowWindow
MessageBoxA
PaintDesktop
PostMessageA
GetDlgItem
InflateRect
SetPropA
DestroyMenu
GetKeyboardLayout
GetMenuStringA
CopyRect
CreateCaret
SubtractRect
InsertMenuA
DialogBoxParamA
ModifyMenuA
GetWindowTextA
DispatchMessageA
SetWindowPos

msi

MsiEnumProductsA
MsiGetMode
MsiCloseHandle
MsiEnumClientsA
MsiDoActionA

ws2_32

WSAAccept

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ