418dbd80e0ddf80c98a1f692dc07e60b | Triage

Sharing

General

Target

418dbd80e0ddf80c98a1f692dc07e60b
Size

42KB
MD5

418dbd80e0ddf80c98a1f692dc07e60b
SHA1

58cb35bbec9b4a36a66c48f183645b15c0e6bb4e
SHA256

3a051cd5686c23a849f7fd66dd741930f341137e1323dfd0802bd3c6fa81248f
SHA512

cfbd2514abc0a79b1eaed07a6350293b68e4e8711a8d3ade47db50d724de68f5ff9b95f2f3dc88ce72a630d27f3d283bf128da26d9b4067c1ea0178c46316c4a
SSDEEP

768:DMwdGyo2HIQ0zlmrBA52L80ot05abJrby/ODeDu0as24NI8NHc:/Ub2d08e52C1RbAkeDuQ2KIiHc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
418dbd80e0ddf80c98a1f692dc07e60b

Files

418dbd80e0ddf80c98a1f692dc07e60b
.exe windows:4 windows x86 arch:x86

1bf8967f7e01e967fb0d6c2d36293265

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
Heap32ListNext
TermsrvAppInstallMode
MoveFileExW
FindFirstVolumeA
CreateFileA
OpenSemaphoreA
CreateThread
FillConsoleOutputCharacterW
_lcreat
LocalFree
GetFileAttributesA
RegisterWowExec
QueryInformationJobObject
VirtualProtect
GlobalCompact
FindClose
FreeConsole
WriteConsoleA
GetPriorityClass
SignalObjectAndWait
ExitProcess
PostQueuedCompletionStatus
OpenMutexA
SetConsoleInputExeNameW
SetCurrentDirectoryW
CreateJobObjectW

user32

CallWindowProcA
GetUserObjectSecurity
UserHandleGrantAccess
SetWindowPlacement
GetLastActivePopup
PostMessageW
CheckMenuItem
DialogBoxIndirectParamAorW
WindowFromDC
SystemParametersInfoW
LoadMenuIndirectA
ArrangeIconicWindows
CopyRect
SetCaretPos
SetClassWord
CharToOemA
DrawTextW
GetClassNameW
DdeInitializeA
WCSToMBEx

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE