4130ac4b893ec34fb817da890032dc20 | Triage

Sharing

General

Target

4130ac4b893ec34fb817da890032dc20
Size

89KB
MD5

4130ac4b893ec34fb817da890032dc20
SHA1

d563048a0f06e55a8ca96c332872e8af38b7de56
SHA256

677042305ce83464c8d6e900411201c05d899316d1447a7e2c2f18ee4aef8a2c
SHA512

40c819b19a12b74f85d3e22ceab51c0ba93173c8846bb94b9b6b30d6d84448047c0c4ea7df69e15152ff77d4a770f3e7c898aed0c48d651347e5ab6bffea91e4
SSDEEP

1536:C7MYcj/Q5CSYu/t7SxxnPwK1I7khGr59lblAX:zYQ/gjF7S3rI7JwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4130ac4b893ec34fb817da890032dc20

Files

4130ac4b893ec34fb817da890032dc20
.exe windows:4 windows x86 arch:x86

c074e1610cde2772ad783fefe9f213e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SearchPathA
GetVersionExW
GetModuleHandleA
GetCommandLineA
FindClose
GetTickCount
DeleteCriticalSection
GetComputerNameA
OpenMutexA
VirtualProtect
SetEvent
CreateSemaphoreA
FreeConsole
CreateMutexA
TlsGetValue
ReleaseMutex
CloseHandle
Sleep
SetLastError

advapi32

RegCreateKeyExA
LsaSetSecret
GetFileSecurityA
IsTextUnicode
FreeSid
RegCloseKey
RegLoadKeyA
OpenEventLogA
IsValidSid
LsaClose
RegEnumKeyExA
CloseTrace
CloseEventLog
LsaFreeMemory
RegCloseKey

loghours

LogonScheduleDialog
DialinHoursDialog
DialinHoursDialogEx
DirSyncScheduleDialog
DirSyncScheduleDialogEx

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE