168d787d1e661f021cd336b8fcbc05a5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

168d787d1e661f021cd336b8fcbc05a5
Size

50KB
MD5

168d787d1e661f021cd336b8fcbc05a5
SHA1

0d6e95e2735620a98c487cd44afb7c53ce95d1c7
SHA256

ac0ab0fa275c9be78d3f583ed0e033894497b7ca034bb49ea0a562af27d75e13
SHA512

8023a85d35ca7ab47e8dd8370714e24798c09bb2e272f76af93aa5b4d7e38789cb42840e1463d02fee54f1ad61296bee24ee926fc42a100ef45c486e4279dcec
SSDEEP

768:WN9MAcVL6MGshYDPuZyKUrWGQiqpCJqFC3cAS1oEi6dCHZ+QU1krv9TL4sT6m8:F/V6MGFrKUdkEEFCM51oP6dP1cSmB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
168d787d1e661f021cd336b8fcbc05a5

Files

168d787d1e661f021cd336b8fcbc05a5
.exe windows:4 windows x86 arch:x86

580e3c2a5a353b2b2e235d5d21fe83e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
DebugBreak
EnumResourceTypesA
ExitProcess
GetDiskFreeSpaceExA
GetNamedPipeHandleStateW
GlobalUnlock
Heap32First
LoadLibraryExA
SetEnvironmentVariableW
SetThreadIdealProcessor
SwitchToFiber
WriteConsoleInputW
lstrlenW

advapi32

BuildSecurityDescriptorW
BuildTrusteeWithSidA
GetSecurityDescriptorOwner
MapGenericMask
OpenBackupEventLogA
RegCloseKey
RegConnectRegistryA
RegDeleteKeyA
RegRestoreKeyA
SetSecurityInfo

gdi32

CombineRgn
EndPath
GetLogColorSpaceW
PolyTextOutW
SetPaletteEntries

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE