157ef797f490f63045763383ff487653 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

157ef797f490f63045763383ff487653
Size

9KB
MD5

157ef797f490f63045763383ff487653
SHA1

334075e2f64c06003d713120e445dcfdd7b97144
SHA256

8f77862294612916b548b6786cd91275fbb5e21b5ed29c184ce6db0184020836
SHA512

eeabb41f7d38e8dd1f0933e42be6b575d31460b7730b44f37cc15e690b274be4918f33a66634fe99b76af3954c7c5aa6c56498b964ecdc8209383922fdf63fff
SSDEEP

192:ptP6aMGF2Kl3xdBE44P1Y68YIulNTTxkJnURFcm/v:pAaMtKGbBRFcWv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
157ef797f490f63045763383ff487653

Files

157ef797f490f63045763383ff487653
.exe windows:4 windows x86 arch:x86

2ae476c3ca7607b39da2362b0817ec5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrcatA
GetCurrentProcess
SetEvent
ExitProcess
GetModuleHandleA
GetModuleHandleW
HeapAlloc
GetProcessHeap
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualAlloc
HeapReAlloc
GetProcAddress
CloseHandle

user32

MessageBoxA
ExitWindowsEx

advapi32

RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyA

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE