097ffcef08922f90e664c366679133aa[.]exe | Triage

Sharing

General

Target

097ffcef08922f90e664c366679133aa.exe
Size

63KB
MD5

097ffcef08922f90e664c366679133aa
SHA1

3eba442bb42fe25153b96c5d1d91dc4bf23f89f3
SHA256

61f7de94de78e5f56bac7dc2ff6719fe7786d8acbbf5215aa18729f24a8cd0db
SHA512

3efc22eb8e3369e9676ad7f41e2e4d4b049fbf8557824d209a59d2e68b8c8a2a2b3d18a51b6f45f2f503dc2186345c71cda8efb304a131f5a1b909bd37a8c9aa
SSDEEP

1536:pY8KpQL5eYFGp+kOj+GyjBazkaskwkzLdtuFIoGBaXYEKG:EpQL5etrOyGaBazFsiz+NGBquG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
097ffcef08922f90e664c366679133aa.exe

Files

097ffcef08922f90e664c366679133aa.exe
.exe windows:4 windows x86 arch:x86

961d114a384b0472b145e7be84f41d16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorA
GetClassNameA
ExitWindowsEx
GetClipboardData
GetCursorPos
ToUnicode
OpenDesktopA
CharLowerBuffA
SetProcessWindowStation
EndDialog
MsgWaitForMultipleObjects
FindWindowExA
GetWindowLongA
GetKeyboardState
PeekMessageA
GetDlgItem

kernel32

VirtualProtect
VirtualAlloc
GetCommandLineA
GlobalUnlock
GetTickCount
GetModuleHandleA
LeaveCriticalSection
MultiByteToWideChar
HeapFree
FindClose
GetLocalTime
GetFileSizeEx
lstrlenW
GetFileTime
lstrcatA
LoadLibraryA
lstrcmpiA
GetModuleFileNameA
GetSystemTimeAsFileTime
lstrcpynW
EnterCriticalSection

advapi32

GetUserNameW
RegDeleteValueA
RegSetValueExA
CryptCreateHash
CryptDestroyHash
RegQueryValueExA
RegCloseKey
CryptReleaseContext
CryptHashData

shlwapi

PathRemoveFileSpecW
StrCmpNIA
PathFileExistsW
SHDeleteKeyA
PathCombineW
PathFindFileNameW
wvnsprintfA
wnsprintfA
StrCmpNIW

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE