290309c5ac175ececad0306923fb1cf4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

290309c5ac175ececad0306923fb1cf4
Size

525KB
MD5

290309c5ac175ececad0306923fb1cf4
SHA1

0feb6761f125519ace6235bd0e7855c3f933d17d
SHA256

041f5fc138a682263d122f5cb0082b1deb51853e92afb0de1da5dcc0547a4bdf
SHA512

2047c25d9bc031f137df77e8801d1b2eedd6ad36013ca6edf46cd762f03758dc6a45b768ecad55a3fb1b8e4e46d8516fb0c970171345c7554179b40d0e96592d
SSDEEP

12288:ljCMigiIASAecJT8rMWUK/78pS8HnrfWIJpkL42X6:5Cqi1eMTqMmr8LfWIJSL42q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
290309c5ac175ececad0306923fb1cf4

Files

290309c5ac175ececad0306923fb1cf4
.exe windows:5 windows x86 arch:x86

300c45085d6f3c52d20ede5593a5d3af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
DuplicateTokenEx

kernel32

SetFilePointer

shlwapi

PathFindFileNameW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
wnsprintfW
wvnsprintfA
wvnsprintfW

user32

CharLowerBuffA
CharUpperW
CloseDesktop
DispatchMessageA
DrawIcon
FindWindowExA
LoadCursorA
PeekMessageA
SendMessageA
ToUnicode

Sections

.yzyhcr
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tmrwx
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.czuf
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ