423c6bcad6e91fb6e81a40689d1640e4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

423c6bcad6e91fb6e81a40689d1640e4
Size

107KB
MD5

423c6bcad6e91fb6e81a40689d1640e4
SHA1

3b8f3ef457ce3cf2ee87739cac72edfccf25f3c9
SHA256

140d6cb8422b4abe07d16aabbc8ddc5f1456e6ef648cb37d9b6df59f65f44721
SHA512

220575b50354bc0f4ffcd6aec7a1b1f24a689afa7fcdac6c1d5f6d7df0a4e98ba1ab0c06777393be72c79be07b5e117a7ec498738ba37c2e7738850ee3b31ef2
SSDEEP

3072:MOpgh7Ulm2MhX85k3W/AzewTfcJLceSTmCY6Fadkf:veZ0Fd5k35zewTuSVYpE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
423c6bcad6e91fb6e81a40689d1640e4

Files

423c6bcad6e91fb6e81a40689d1640e4
.exe windows:4 windows x86 arch:x86

b2ece0e6a36415629e5534842e73443b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WinExec
HeapSize
VerifyConsoleIoHandle
GlobalUnfix
CreateThread
SetFileApisToANSI
Toolhelp32ReadProcessMemory
HeapLock
InterlockedDecrement
_lopen
WritePrivateProfileStringW
GetThreadSelectorEntry
HeapWalk
DebugBreak

user32

GetSystemMetrics
GetKeyboardLayoutNameA
ModifyMenuA
MessageBoxIndirectA
GetTopWindow
DdeClientTransaction
SetProcessWindowStation
CopyAcceleratorTableA
SendNotifyMessageA
GetCapture

shell32

SHFileOperation

gdi32

XFORMOBJ_bApplyXform
CreatePolygonRgn
AddFontResourceW
SetViewportOrgEx
CreateFontIndirectA
PatBlt
GdiEntry14
GetLogColorSpaceW
PATHOBJ_vGetBounds

Sections

CODE
Size: 9KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE