381a267e197f37a76428b9afa66a26ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

381a267e197f37a76428b9afa66a26ad
Size

129KB
MD5

381a267e197f37a76428b9afa66a26ad
SHA1

02c9cb2e8b1700d1c231eba12d6e23a208c57988
SHA256

307a076f923cb3d27fd51655fc0e837c0ed9d39ca96bb1f6081651a233c1ac08
SHA512

4490824f1e3e28cebae286ffc91fa3fd444793ddca5226f9a202c197eaec4683007236686218ae7b0483864b4536f9138bb825cd67e54b4e2e52a34d11731113
SSDEEP

3072:k7EOEcBGzidbviIZrZFxYj3s8owpNFhGADvpaR:zOEcAMbv7L7Yj3to8zTp4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
381a267e197f37a76428b9afa66a26ad

Files

381a267e197f37a76428b9afa66a26ad
.exe windows:1 windows x86 arch:x86

b6a545115d0f21b707de72bfe6dc9350

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_exit
__p__fmode
_initterm
exit
__set_app_type
memcpy
_adjust_fdiv
_except_handler3
__setusermatherr
_acmdln
_controlfp
__p__commode
__getmainargs
_XcptFilter

gdi32

GetStockObject
EndDoc
SaveDC

kernel32

GetStartupInfoA
GetCurrentProcessId
VirtualProtect
HeapCreate
HeapAlloc
GetLastError
SetErrorMode
GetModuleHandleA

user32

BeginPaint
LoadImageA
GetSysColor
GetMenu
ShowWindow
PtInRect
IsDialogMessageA
GetForegroundWindow
GetWindowTextA
SetUserObjectSecurity
SetWindowTextA
DialogBoxIndirectParamA
GetUpdateRgn
LoadAcceleratorsA
GetActiveWindow
LoadIconA
FrameRect
SendMessageA
IsIconic
LoadMenuA
ModifyMenuA
EndDeferWindowPos
CheckRadioButton

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ