13deae44208b58b4fef1c2b8094062e1 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13deae44208b58b4fef1c2b8094062e1
Size

61KB
MD5

13deae44208b58b4fef1c2b8094062e1
SHA1

840fc9ded9ba5cefdf4169d249804253a917bfef
SHA256

bffbf25237789c678ae603aa069c1083f6dcced8de109902c3ff38bab7ca76d5
SHA512

84b1fffc2eb3259c56d65d0e67cc6de000b68102af463868f5715afca71d1f567af6cf80ec100e0fbea5bdd41e36346737cea9e3a088b43e7449239d5f1742a1
SSDEEP

1536:DUVB4xE+nWP6LTGSlCRLn6jZlwcu1MGSUJUc7DhUo:oUE+PLTGOCRTYS17SUJUc7lUo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13deae44208b58b4fef1c2b8094062e1

Files

13deae44208b58b4fef1c2b8094062e1
.exe windows:4 windows x86 arch:x86

41c0fc924ab925e88a4755de67fbd6e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
RegCloseKey
RegSetValueExA
RegDeleteValueA
GetUserNameW
RegEnumKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData

user32

EndDialog
SetProcessWindowStation
FindWindowExA
GetCursorPos
GetMessageA
GetKeyboardState
GetIconInfo
GetDlgItemTextA
GetClipboardData
GetWindowLongA
OpenWindowStationA
SetThreadDesktop
DispatchMessageA
CharLowerBuffA
DrawIcon
GetClassNameA
ExitWindowsEx

kernel32

VirtualAlloc
WideCharToMultiByte
CreateProcessW
GetFileSizeEx
CloseHandle
InitializeCriticalSection
GetTickCount
GetFileAttributesW
SystemTimeToFileTime
Sleep
VirtualProtect
GetModuleFileNameA
SetFilePointer
HeapAlloc
lstrcpyA
GetUserDefaultUILanguage
OpenMutexW
lstrcpyW
SetFileTime

shlwapi

wnsprintfW
wvnsprintfA
PathRemoveFileSpecW
wnsprintfA
StrCmpNIA
PathFindFileNameW
StrCmpNIW
PathCombineW
SHDeleteKeyA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE