291fe65700dc98cb0be43926f8255d32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

291fe65700dc98cb0be43926f8255d32
Size

21KB
MD5

291fe65700dc98cb0be43926f8255d32
SHA1

d04b34a1ebf73ed340b241baec86092511e1a001
SHA256

4381f432764c237ff2d13b13f5fa2abd5a4c1a1229e5713dc35358f509665dd7
SHA512

afd61081c69af29f961afd3e71f9cd8875272bbac2b6e5572d0e5b7030363ae7d2e9a8729d3c90fd7486e2b1d00c4501c51920aafe4d6dd66761952ef0e13f6a
SSDEEP

384:5/Ym4LOlMrQwFYMiRmAvhHBPxAjnDShPKTOtVrsecbQiAXaIDWOlnfWjvOeo:dYvLOlMrZFWUOHBPxAjnTOtlsecsiAZF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291fe65700dc98cb0be43926f8255d32

Files

291fe65700dc98cb0be43926f8255d32
.exe windows:4 windows x86 arch:x86

5d85b8571c06073dcb915a39102fc362

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
DeleteFileA
CreateEventA
WriteFile
SetFilePointer
lstrcatA
lstrlenA
GetModuleFileNameA
LoadLibraryA
CloseHandle
lstrcpyA
ExitProcess
GetTempPathA
GetFileAttributesA
ResetEvent
GetModuleHandleA
CreateFileA
GetProcAddress
RtlUnwind
ReadFile
SetEvent
OpenProcess
Sleep
GetSystemDirectoryA
ExitThread
GetLastError
CreateMutexA
GetVersionExA
CreateThread
lstrcmpA
WaitForMultipleObjects

user32

DispatchMessageA
SetThreadDesktop
ShowWindow
PeekMessageA
CreateWindowExA
CreateDesktopA
MsgWaitForMultipleObjects
DestroyWindow
CharToOemA
wsprintfA
CloseWindow
TranslateMessage

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegNotifyChangeKeyValue
RegOpenKeyA

shell32

SHGetFolderPathA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ