1c5ee7f8ca9d3f0bdc93912b80d80dbb | Triage

Sharing

General

Target

1c5ee7f8ca9d3f0bdc93912b80d80dbb
Size

183KB
MD5

1c5ee7f8ca9d3f0bdc93912b80d80dbb
SHA1

906d3cc9fb276e5b00c2f3c81d26cbd48249ada4
SHA256

1761c938514dd4e6106ac0ab6f8c033ea1c8ea437d3893c336f5b0378bb9aa4e
SHA512

32bc37f2aa2aff23f415c26ddd8026ee9639e0545d577bde81dc99bcae3c13eb49ead5c44ed70595cd991d4f420a24371acdfe35040ddc1020a4aec58828ec29
SSDEEP

3072:pOJYhk4VE45+4RPBffFuUGA68+uMTvlVfe5a/F5ZjFFrrncCEGP1cnfqSWn:kJv4zfFE5Tvl5e50FFwzGSnyln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c5ee7f8ca9d3f0bdc93912b80d80dbb

Files

1c5ee7f8ca9d3f0bdc93912b80d80dbb
.exe windows:4 windows x86 arch:x86

a75bec490c8e1ce6a653cadd7fd292c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
WriteConsoleOutputW
WaitForDebugEvent
DeleteTimerQueueTimer
GetDefaultCommConfigW
GetFileAttributesExW
WriteConsoleOutputW

user32

LoadCursorA
GetCursorPos
EditWndProc
CharToOemW
IsWindowEnabled
GetScrollPos
AnyPopup
SendMessageA
SetWindowWord
CtxInitUser32
WINNLSEnableIME
ActivateKeyboardLayout
OemToCharBuffW

gdi32

EngQueryLocalTime
GetGlyphIndicesW
GetAspectRatioFilterEx
GetKerningPairsA
CreateColorSpaceA
GdiFullscreenControl
EngCopyBits
SetICMProfileW
XLATEOBJ_cGetPalette
TextOutW
PATHOBJ_vEnumStartClipLines
DeleteColorSpace
EngCreatePalette
EngDeletePath
SetLayout
EngLoadModule
GetPath
SetDIBitsToDevice

Sections

.code
Size: 9KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ