376686a3e815adef33fe7d9e4ec2e5d2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

376686a3e815adef33fe7d9e4ec2e5d2
Size

54KB
MD5

376686a3e815adef33fe7d9e4ec2e5d2
SHA1

03206bff51df7613009f48f4a2664f867786377c
SHA256

c17a4c3a49315607bbcc2e52486e0953d27705fc98da8c256129d93e491e6bba
SHA512

dc7cd7a475ae0bd21076f3b63150d281536724587620582bca737397679375f7ce4e65b9f8a47edee8e516ab479c8690ffe2e62af289938c5e7118819ed4182f
SSDEEP

1536:GirlOjJ2pfylFW7ghzC1vJEOnNIa6gdaP:HkJKyPDzo2OnCU4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
376686a3e815adef33fe7d9e4ec2e5d2

Files

376686a3e815adef33fe7d9e4ec2e5d2
.exe windows:5 windows x86 arch:x86

d831033a303c492dea2a756a62acf1bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptCreateHash
CryptGetHashParam
DuplicateTokenEx
RegCloseKey
RegDeleteValueA

shlwapi

PathCombineW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
StrStrW
wnsprintfA
wvnsprintfA
wvnsprintfW

user32

CloseWindowStation
GetMenuItemID
GetWindowTextA
LoadCursorA
OpenDesktopA
SendMessageA
SetProcessWindowStation

Sections

.zmh
Size: 44KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kxmt
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.axgpkx
Size: 5KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ