21e357dd9a1e01baef2ac6e50b79a0d6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21e357dd9a1e01baef2ac6e50b79a0d6
Size

101KB
MD5

21e357dd9a1e01baef2ac6e50b79a0d6
SHA1

a171bb52f6a12e2846aec563e330df9db30616f6
SHA256

92e72f8d11c99b80ecfeeede06c563c9d3751015290c5f0edec4fe2e826db11f
SHA512

3dd890e6859bcc6cc6b147d843d17c3c448d520b731a1ea092e9d91dfb4c4dc7020507886fd1daab66c2987b64f365f51fac9f2b3826e0c9a4cce814f1fb8a68
SSDEEP

1536:cYKHA/BY3lpE1nGMZI7HeWfvbWsN0Mnn3/STnJSV6HABiouStw3:DKHA/mpE1GmM+EyxMT6HABiouStC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21e357dd9a1e01baef2ac6e50b79a0d6

Files

21e357dd9a1e01baef2ac6e50b79a0d6
.exe windows:4 windows x86 arch:x86

f434fa353c493dd8f952917484c0ad5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
ExitProcess
CreateRemoteThread
LoadLibraryA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
WaitForSingleObject
CreateThread
GetProcAddress
Sleep
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceA
GetWindowsDirectoryA
CopyFileA
DeleteFileA
GetSystemDirectoryA
GetShortPathNameA
CreateEventA
OpenEventA
GetCurrentThreadId
WinExec
GetModuleFileNameA
SetFileAttributesA
VirtualAlloc
VirtualFree
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
CreateFileA
GetFileSize
GetModuleHandleA
CloseHandle

user32

GetInputState
wsprintfA
PostMessageA
GetClassNameA
GetWindowTextA
EnumThreadWindows
GetWindow
FindWindowA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ