164c73730d3ebdb5a894cf26e0f36a27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

164c73730d3ebdb5a894cf26e0f36a27
Size

302KB
MD5

164c73730d3ebdb5a894cf26e0f36a27
SHA1

632f53508de5c091adc5440e74586056c492f9c5
SHA256

9861d362ecae2da55524c29813c56219f62575a51e13efc25eccb69070af3bd6
SHA512

5fd9dee7f26c806c0dae32c01ea0fa12abe5b0c57aeb604ba61e464b104dff23fc595fc8db0a31774f83a7741bd3e6a54f80f885bb8aaeccb510813600d2122d
SSDEEP

6144:oijyzKN2yc5gDfBwaX1QxeU1ObAelZ/IcqfRkyjjXqo6FDGk3sV0:vNoWBRlQkU1OMeOfmynqo+GOs2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
164c73730d3ebdb5a894cf26e0f36a27

Files

164c73730d3ebdb5a894cf26e0f36a27
.exe windows:4 windows x86 arch:x86

6b7f3cf26a3c9cbb4ad8b0f3e4c9c874

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualAlloc
GetModuleHandleA
TerminateThread
GetLastError
CloseHandle
ResetEvent
GetFileSize
CreateFileA
PulseEvent
GetCurrentThreadId
LocalReAlloc
Sleep
VirtualFree
VirtualLock

user32

MoveWindow
SendMessageA
GetSysColorBrush

netapi32

NetDfsRemoveFtRootForced

avifil32

AVISaveOptionsFree

msvfw32

DrawDibStart

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ