1c1ea44374e970c07fc4cd6c688af7ed | Triage

Sharing

General

Target

1c1ea44374e970c07fc4cd6c688af7ed
Size

314KB
MD5

1c1ea44374e970c07fc4cd6c688af7ed
SHA1

0f3918c9bcdea0d21ee4a61e11402dc72293b7a3
SHA256

f32855050838efead3387f00e9aef4f467dd040610f5e27207d6daf38f3b5ae6
SHA512

70da09d02798b981a21b3833bcb289edde042044cb7a5e71d6d6b400b7f0cba0be1b8b1b750de1be9d28549c3ed3d69a8ba5633c8a347d46243cd27613278ddb
SSDEEP

6144:5AtXzZmEqneImFYsWFBBI0zI9axvI9Kyg8ppjcp4fJMfM/Su8hEtHcMrTwswL0rW:5AtXx4evzsBq1IvQKv8pepjM/Su86tHo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c1ea44374e970c07fc4cd6c688af7ed

Files

1c1ea44374e970c07fc4cd6c688af7ed
.exe windows:4 windows x86 arch:x86

5dbf36fdf69c3b31bfb0a7abd231b83f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetStdHandle
GetCurrentProcessId
GetConsoleOutputCP
GetFileSize
CreateFileA
FlushFileBuffers
GetProcessHeap
SetErrorMode
FlushFileBuffers
CreateFileMappingA
ExitProcess
WriteConsoleA
GetConsoleMode
SetFilePointer
WriteConsoleW
GetConsoleCP
HeapCreate
LockResource
FindResourceExA
ReadFile
GetEnvironmentVariableA
CreateFileW
GetThreadLocale

shlwapi

PathAddBackslashW

user32

SetDlgItemTextW
SetWindowPos
SystemParametersInfoA
UnregisterClassA
GetDlgItem
CharPrevW
EndDialog
SendMessageA
SendDlgItemMessageW
GetWindowRect
EnumWindowStationsW
DialogBoxParamW
CharNextA

shell32

SHGetFolderPathW

comsvcs

CoEnterServiceDomain

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.venue
Size: 5KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ