Static task
static1
Behavioral task
behavioral1
Sample
1ac67a5bca99686753373d7788693b20.exe
Resource
win7-20231215-en
General
Target: 1ac67a5bca99686753373d7788693b20
Size: 200KB
MD5: 1ac67a5bca99686753373d7788693b20
SHA1: 158ae129048b0e0aff091c220de21a5996069d2b
SHA256: a70e1672dfd63f039a8cb74d842572d0a522dc058df10da3d6f6d9a6918b3afd
SHA512: 85c98a579e2d92195bc0923ebec85c0a49e17a84ecdf55d3fd66eb019f5bf4eb7fe62c90dc37349e5e4a6a8c6507f7739cb80ee25a82de0070ee7fe888891e6a
SSDEEP: 6144:i9FKTNEj1i3wv6FN8jWrgOKd0yMmmclXJ:uFKTNoi3wxmKayxmclZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1ac67a5bca99686753373d7788693b20
Files
1ac67a5bca99686753373d7788693b20.exe windows:4 windows x86 arch:x86
17a5406f4b411ff6de96596c7bd57bb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalLock
TerminateThread
HeapLock
VirtualFree
LoadLibraryA
VirtualAlloc
VirtualProtect
LocalReAlloc
GetProcAddress
GetModuleHandleA
Sleep
CreateSemaphoreA
ResetEvent
VirtualAllocEx
GetEnvironmentStrings
GetLastError
GlobalAlloc
VirtualLock
SetEvent
user32
IsZoomed
InSendMessage
GetDesktopWindow
LoadBitmapA
LoadCursorA
FindWindowA
GetDC
GetCursorPos
IsIconic
ReleaseDC
SetTimer
shell32
SHGetFileInfoA
psapi
GetProcessMemoryInfo
EnumProcessModules
msvfw32
DrawDibOpen
ICInfo
DrawDibClose
DrawDibEnd
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ