2159883cf6fedbf8982b3ea99cedbdd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2159883cf6fedbf8982b3ea99cedbdd8
Size

63KB
MD5

2159883cf6fedbf8982b3ea99cedbdd8
SHA1

f122b10f22c7d9191daebed440d77166bc9776f4
SHA256

19dbdfa731bfb69ef85a2b7cf57e3317a8a73933d6b12f328201820dbe344eaf
SHA512

c809799c15378f63d881b55eede2dc656a99c042bb7f4127c50a84b969f189a27dbc62557ed2220372e22ee03937498f72aa7aa4ba584408b1293bb8d0822ab5
SSDEEP

1536:taVMV6UE6/zwh14Q0j17gaKinIdFyx7Apyra:IVMV6UE6kN017DTnIdFy8yr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2159883cf6fedbf8982b3ea99cedbdd8

Files

2159883cf6fedbf8982b3ea99cedbdd8
.exe windows:4 windows x86 arch:x86

fccff03ff4519f47c5916d60650545a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExA
GetUserNameW
CryptCreateHash
RegQueryValueExA
CryptGetHashParam
RegCloseKey
CryptHashData
RegDeleteValueA
DuplicateTokenEx
CryptDestroyHash
CryptReleaseContext
RegCreateKeyExA

shlwapi

StrStrW
wnsprintfW
PathCombineW
wvnsprintfW
SHDeleteKeyA
PathMatchSpecW
wnsprintfA
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
wvnsprintfA
PathFindFileNameW
StrCmpNIA

user32

GetDlgItemTextA
GetIconInfo
SetThreadDesktop
SendMessageA
GetClipboardData
CharLowerBuffA
LoadCursorA
GetForegroundWindow
GetMessageA
GetKeyboardState
CloseWindowStation
GetKeyState
FindWindowExA
GetWindowThreadProcessId
GetCursorPos
ExitWindowsEx

kernel32

VirtualProtect
lstrcmpiW
LeaveCriticalSection
WideCharToMultiByte
lstrcmpiA
ResetEvent
GetModuleHandleA
Sleep
SetFileTime
CreateMutexW
EnterCriticalSection
lstrcpyA
VirtualAlloc
GetModuleFileNameA
lstrcatA
CreateFileA
GetFileSize

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE