21b058d2f657f34fc6821bb018f2d8e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21b058d2f657f34fc6821bb018f2d8e5
Size

190KB
MD5

21b058d2f657f34fc6821bb018f2d8e5
SHA1

0e86978c672bc8f62be0f5dcfac78b06c4b56b70
SHA256

c846fe1956b76bc71a9c88d8ba780903e54245efa9daa8b3725b885e815c909f
SHA512

4dd0b1f8eabe44b9c5be340a762c1d68bd525961cfa203521dd2a391df5c231a279385b94830e80779aab3377d1cd842010599078202600fa1e483b93177bb05
SSDEEP

3072:7xUEPQzR7FHLdKc1cy0Qdrnrdfubd+6c8BT6GuC7nK5D+5F:dUEozzHLPc3GrdGfJBT6wbF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21b058d2f657f34fc6821bb018f2d8e5

Files

21b058d2f657f34fc6821bb018f2d8e5
.exe windows:4 windows x86 arch:x86

b15f7edc5ef1c36c9f4283b76456b7bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupW
PathSkipRootW
SHRegGetValueW
PathGetArgsW
PathIsUNCW
PathFindFileNameW

kernel32

SetEnvironmentVariableW
GetFileInformationByHandle
ExitProcess
GetCalendarInfoW
FreeLibrary
GetFileAttributesW
GetModuleFileNameW
SetLastError
GetModuleHandleW
InterlockedExchange
CreateDirectoryW
lstrcmpiW
GetProcessId
OutputDebugStringW
MultiByteToWideChar
LocalFree
VirtualQuery
EnumResourceNamesA
SearchPathW
OutputDebugStringA
GetLastError
VirtualProtect
InitializeCriticalSection
GetProcAddress
GetCurrentThreadId
WideCharToMultiByte
GetCurrentDirectoryW
DuplicateHandle
LocalAlloc
lstrlenW
GetCurrentProcess
GetModuleHandleA
Sleep

ole32

CoGetDefaultContext
CoInitialize
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ