19f1f591efb71638c00b98c57716ddd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19f1f591efb71638c00b98c57716ddd8
Size

33KB
MD5

19f1f591efb71638c00b98c57716ddd8
SHA1

49958e6c9cd305af832845e93c0e7bb04a6a2b48
SHA256

23a94d9cdec816b27d2891e783eca363cee6baef25f5446ffba0ccb6e20d87d8
SHA512

f077620679b4e2517c4346b928585560dc3010851a99e18d8f541eb23bf56d33fe91c80568de6ec0d6d5f5b5e21e05d9042aa1fcb9ba3bfe966698830d45f153
SSDEEP

768:MFz7VnyGx61x9J6EmR9z1o8OKYmne1k2hKuzInoDDglYDYlYS9K7+g:MFPT6XE60n759GDgli8rK7p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Confirmation-Booking-Details.exe

Files

19f1f591efb71638c00b98c57716ddd8
.zip
Confirmation-Booking-Details.exe
.exe windows:5 windows x86 arch:x86

1250f059d214a1901d21d499c60b4f19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowDC

msvcrt

ldiv

kernel32

GetTickCount

shlwapi

PathMakePrettyW
PathStripPathW

advapi32

CryptDestroyKey

Exports

Exports

��ainPressA@777GPAUHINSTANCE__@@U_COMMPROP@@~F
?GainPressW@777GPAUHINSTANCE__@@U_COMMPROP@@~F
?GainWordA@777GPAUHINSTANCE__@@U_COMMPROP@@~F
?GainWordW@777GPAUHINSTANCE__@@U_COMMPROP@@~F

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.icode
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ