1bfa7d88a11abe85a7eb9cc13b636b33 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1bfa7d88a11abe85a7eb9cc13b636b33
Size

65KB
MD5

1bfa7d88a11abe85a7eb9cc13b636b33
SHA1

14a76f7fee08225780bb70ea559807bea6b0c262
SHA256

437e7773302cfff2fec39d619f32d66aa8da2b78c2a39160f123921808f4cb58
SHA512

827598089987e82ec4226c471c3b0334c63b271d57d3f6e46dbccaf1aecb800974368f7b3f41e13b2343ee80bc7b66049f245e0647ddae4d84a6c63f7fd6dbe5
SSDEEP

1536:Ao/A84PD9KLYx/4iSKZJV94PSBN8ItXT5pS2Wu:7/AB1N4idZJV94uNxd0p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1bfa7d88a11abe85a7eb9cc13b636b33

Files

1bfa7d88a11abe85a7eb9cc13b636b33
.exe windows:4 windows x86 arch:x86

11e66b5c59adaae01e010fefa471e3c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
GetFileSizeEx
GetFileAttributesW
MultiByteToWideChar
GetFileAttributesA
FindNextFileW
WideCharToMultiByte
VirtualAlloc
GetLastError
SystemTimeToFileTime
ExpandEnvironmentStringsW
CreateThread
GetProcAddress
lstrlenA
GetVersionExW
CreateFileA
LeaveCriticalSection
FindResourceW
GetFileTime
GetUserDefaultUILanguage
SetFileTime
CreateMutexW
GetCommandLineA
CloseHandle
CreateProcessW
SetEvent
GetFileSize
ResetEvent
GetSystemTime
VirtualProtect

user32

GetClassNameA
ExitWindowsEx
PeekMessageA
FindWindowExA
GetKeyboardState
CloseWindowStation
DrawIcon
GetForegroundWindow
GetKeyState
GetCursorPos
SetThreadDesktop
GetWindowLongA
CloseDesktop

shlwapi

PathFileExistsW
wvnsprintfW
StrStrW
SHDeleteKeyA
wnsprintfA
PathMatchSpecW
StrCmpNIW
PathRemoveFileSpecW
wnsprintfW

advapi32

CryptAcquireContextW
RegCloseKey
RegEnumKeyExA
CryptReleaseContext
DuplicateTokenEx
RegQueryValueExA
CryptGetHashParam
CryptDestroyHash
CryptHashData

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE