19f1127984a818d3ddac37a880629ae0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19f1127984a818d3ddac37a880629ae0
Size

241KB
MD5

19f1127984a818d3ddac37a880629ae0
SHA1

b5768739b435419b5f1f310ea58fa1434a4699bd
SHA256

e45c42b509236c05d380a5739f9fdabdf698b37156b5a9cde4c939a08dbd5dfc
SHA512

100b03e14de2223533b6c49a1a153f9e84dfab84eb2e5b89e74aac8ccd460d340097e5b3484fa849ef5241a90b9bc27dbedf242f9f5cc1cc2e2c9d6fe91804fb
SSDEEP

6144:g7Ca5PkE+6W29Gfe2Pmuzjjdc0AFrpycO3MqlrGCZg:4Ca1jW2QNmuO0AFtr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19f1127984a818d3ddac37a880629ae0

Files

19f1127984a818d3ddac37a880629ae0
.exe windows:5 windows x86 arch:x86

81dce71a26e779d40d9d112a4e13d276

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
RtlUnwind
ResumeThread
LoadLibraryA
GlobalFree
VirtualAlloc
TerminateProcess
CreateProcessA
GlobalAlloc
VirtualQueryEx
VirtualFree
FreeLibrary
GetThreadContext
lstrcpyA
GetTempPathA
CloseHandle
GetCurrentThreadId
GetModuleHandleA
GetTempFileNameA
GetProcAddress
GetLastError
OpenProcess
WriteFile
WaitForSingleObject
lstrlenA
lstrcmpA
CreateFileA
ExitProcess
lstrcatA

user32

GetThreadDesktop
GetFocus
OpenInputDesktop
wsprintfA
CloseDesktop
InflateRect
GetCursorPos
SetThreadDesktop
EqualRect
IsWindowVisible
FindWindowA
GetWindowThreadProcessId
ClientToScreen

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA

gdi32

GetBkColor
GetBkMode

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE