25ee9266fafc433a6063f6e5991aeac7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

25ee9266fafc433a6063f6e5991aeac7
Size

63KB
MD5

25ee9266fafc433a6063f6e5991aeac7
SHA1

3c1cec40e86f98fcba4c64841efc2e6e8576ac44
SHA256

5cebf85d8b771837455c75c67cc4eedcd6be1d185db69d5c3222ea677bf63cc9
SHA512

50f146059463fb96da1b0a89ed3758c5cd31e33766ca6b899c1efaa5ce67ac021ce54788877f3321810b788f204a0de6b5b0d9f6fa3495e58c899b6ef26baa98
SSDEEP

1536:cGiFuWsYZga0vV9inoGkpu7u2Xx2LNmeeelb:cGkuWNP0vninoNpUa6elb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ee9266fafc433a6063f6e5991aeac7

Files

25ee9266fafc433a6063f6e5991aeac7
.exe windows:4 windows x86 arch:x86

7ee8f039e9b5f20034bea380c6e96bc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
PathFileExistsW
PathRemoveFileSpecW
wnsprintfA
PathCombineW
wnsprintfW
StrStrW
PathFindFileNameW
StrCmpNIW
wvnsprintfA

kernel32

InitializeCriticalSection
VirtualAlloc
GetModuleFileNameW
CreateMutexW
OpenMutexW
ExpandEnvironmentStringsW
GetFileSizeEx
ResetEvent
GetLastError
HeapAlloc
CreateProcessW
MulDiv
GetModuleHandleA
lstrcpynW
SystemTimeToFileTime
VirtualProtect
CreateEventW
GetSystemTime
GetVersionExW
SetFilePointer
SetFileTime
GetProcAddress
SetEvent
lstrcmpiA

user32

GetCursorPos
GetWindowLongA
GetIconInfo
LoadCursorA
FindWindowExA
EndDialog
GetKeyboardState
MsgWaitForMultipleObjects
CloseDesktop
GetWindowThreadProcessId
SetProcessWindowStation
ExitWindowsEx
GetClipboardData
OpenDesktopA
SetThreadDesktop
PeekMessageA
ToUnicode
GetKeyState

advapi32

CryptHashData
RegCreateKeyExA
RegQueryValueExA
CryptReleaseContext
CryptCreateHash
GetUserNameW
RegDeleteValueA
CryptGetHashParam
CryptDestroyHash
RegCloseKey
RegSetValueExA
RegEnumKeyExA

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE