1861f97e7a126638d1e59185aafe1768 | Triage

Sharing

General

Target

1861f97e7a126638d1e59185aafe1768
Size

34KB
MD5

1861f97e7a126638d1e59185aafe1768
SHA1

87e16297c11402b63c70d99bfcacf586d9a0915f
SHA256

371afc15693a22e2db8b1ee298579713987efdc836e596fd1dc9de28e18717a8
SHA512

c95c39efc53fa6dfefb0029fe19f7f4806e7fa67a1ed586e6b3ee4eff1d2f5d5064c6bdd9fbe9c15757a260047f05763cfa0f1e5e610ccb30f17e705db84d255
SSDEEP

768:Cr/X0489ONYuQTMwnqxMExDi1/N5BRlNtMAEJkQCj9M66BWV:CrLvaTMwExD4BfbMe7/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1861f97e7a126638d1e59185aafe1768

Files

1861f97e7a126638d1e59185aafe1768
.exe windows:4 windows x86 arch:x86

0a85f0bb6d9a249e9368e7b4c7211d49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TrackPopupMenu
GetWindowTextA
SetCapture
DefWindowProcA
SetWindowPlacement
GetWindowLongA
EnumChildWindows
DrawEdge
IsDlgButtonChecked
EndDialog
LoadIconA
DrawFrameControl
DialogBoxParamA

gdi32

StartDocA
LineTo
RestoreDC
EndDoc
BitBlt
GetStockObject
SetMapMode
GetBkColor
Rectangle
SetROP2
DeleteObject
DeleteDC
SelectObject
ExtTextOutA

msvcrt

_wctime
_snwprintf
_getcwd
strcpy
wcsrchr
wcschr
__mb_cur_max
memmove
wcsstr
strcmp
wcsncpy
time
_wcsnicmp

kernel32

GetProcessHeap
EnterCriticalSection
HeapFree
FreeEnvironmentStringsW
FatalAppExitA
CreateEventA
LCMapStringA
SetEndOfFile
lstrlenW
GlobalAlloc
CreateProcessA
GetProcAddress
CreateFileMappingA
lstrcpyA
lstrcmpA
CloseHandle
SetStdHandle
lstrcmpiA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ