4157c9d08f5b73f503662cca1d137c2d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4157c9d08f5b73f503662cca1d137c2d
Size

14.0MB
MD5

4157c9d08f5b73f503662cca1d137c2d
SHA1

6e37a6f5d57b44849dd7b75fc63106565adb0028
SHA256

c22b8f1b421deb8205022b01a384fe14b9e9ca3bb8861cd42b34a2c6ed038379
SHA512

f02af350da783cdef7c68f2645fa0e1da6f1f500b29a6624d86c8b0f22bed0306b25d58a0b321686f88a763478ca39d07d1b3395f6923bc0882b4e151f43a936
SSDEEP

3072:HtirWZ3EnugzzOCRDzx/8Bd+UFm+V/TH4lje:HtirWZ0nuYzJ0BdQ6rH4lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4157c9d08f5b73f503662cca1d137c2d

Files

4157c9d08f5b73f503662cca1d137c2d
.exe windows:5 windows x86 arch:x86

b0c2ae76a157d0eb2937e60b2cf398d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentVariableA
TlsAlloc
VirtualAlloc
DeleteFileW
LoadLibraryW
CreateEventW
SetSystemTime
GetCurrentDirectoryW
CreateMailslotW
LoadLibraryA
FindAtomW
GetCurrentProcessId
OpenJobObjectA
GetShortPathNameA
SetCurrentDirectoryA
WaitForSingleObjectEx
OpenEventW
TerminateThread
CreateFileW
RemoveDirectoryA

authz

AuthzFreeResourceManager
AuthzInitializeContextFromSid
AuthzAddSidsToContext

uxtheme

GetThemeFilename
GetThemeEnumValue
IsThemeActive
GetThemeBackgroundExtent

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rlc
Size: 13.8MB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ