4105cbcd77ea7ca03940f1f6679a3e2f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4105cbcd77ea7ca03940f1f6679a3e2f
Size

61KB
MD5

4105cbcd77ea7ca03940f1f6679a3e2f
SHA1

04155e05b306f6e41fa55560a3872746962b2b05
SHA256

4fccd62532246e4bbd1703cddde0d14556deecd70dadaea39e11822bcfc871d1
SHA512

31355c24c8a6eb4d8e7e1849d66abbca562134914d7ce4222fcbc1a7e4fbf6deb39d25508c3153199337c6ef4c57f2a73c57c63c370d1052dda03afd2a7d6dd6
SSDEEP

1536:PJxEld0cN4opfR/sW5FbStuyGwGYFxL8:PJxviREWvbYnr8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4105cbcd77ea7ca03940f1f6679a3e2f

Files

4105cbcd77ea7ca03940f1f6679a3e2f
.exe windows:4 windows x86 arch:x86

ea49f8f87fb6642d3abb77c01e1e0050

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
wvnsprintfA
PathRemoveFileSpecW
PathMatchSpecW
StrCmpNIA
wvnsprintfW
StrStrW
StrCmpNIW
SHDeleteKeyA
wnsprintfA
wnsprintfW
PathCombineW
PathFileExistsW

advapi32

CryptAcquireContextW
CryptHashData
RegCloseKey
GetUserNameW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
RegEnumKeyExA
RegQueryValueExA
DuplicateTokenEx
RegSetValueExA
RegDeleteValueA

user32

GetWindowThreadProcessId
OpenDesktopA
GetCursorPos
GetClipboardData
EndDialog
SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DrawIcon
ExitWindowsEx
GetDlgItemTextA
GetClassNameA
GetDlgItem
SetThreadDesktop
DispatchMessageA

kernel32

GetFileAttributesW
VirtualProtect
GetVersionExW
lstrlenA
GetTickCount
SetFilePointer
EnterCriticalSection
GetLocalTime
lstrcpynW
VirtualAlloc
GlobalLock
InitializeCriticalSection
CreateProcessW
ReleaseMutex
lstrcpyA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE