41d2d57be9a8047a267e3c476a456dc4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41d2d57be9a8047a267e3c476a456dc4
Size

61KB
MD5

41d2d57be9a8047a267e3c476a456dc4
SHA1

bb8bbc555093e568c25a19c9c1968b6923c61e02
SHA256

d1277a788dd3a7afe9768ac6f4875d6d15d479b28f1ad65a28ae85d74ba17d24
SHA512

3adc4840b1317851c8ef3eee49f035e97cc063d5e1af85aa3533f7bcc0af0da4ad3d865396261557b6c52ca78597127cf000c65c725b64994c7c50fecdbafd03
SSDEEP

1536:P1y0fblucgrjLcZDw7weIwiE3jK+TJte6/DbitROGvN4N:Ny2ucijYy75iajrRfi7OA8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41d2d57be9a8047a267e3c476a456dc4

Files

41d2d57be9a8047a267e3c476a456dc4
.exe windows:4 windows x86 arch:x86

a510df1d3b032cc87ac2abb11aba55f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfA
PathRemoveFileSpecW
StrCmpNIA
SHDeleteKeyA
wnsprintfA
StrStrW
wnsprintfW
PathFindFileNameW
wvnsprintfW

kernel32

MultiByteToWideChar
GetFileTime
VirtualProtect
GetModuleHandleA
lstrcpyW
GetVersionExW
VirtualAlloc
GetModuleFileNameA
CloseHandle
GetFileAttributesW
GetLastError
CreateThread
ReleaseMutex
CreateMutexW
FindResourceW
GetSystemTimeAsFileTime
SetFileTime
GetCommandLineA
CreateProcessW
ResetEvent
WaitForSingleObject
WideCharToMultiByte
lstrcatW
ExpandEnvironmentStringsW

user32

GetDlgItemTextA
CharLowerBuffA
SetThreadDesktop
GetWindowThreadProcessId
GetKeyState
MsgWaitForMultipleObjects
GetIconInfo
OpenDesktopA
GetMessageA

advapi32

RegQueryValueExA
RegEnumKeyExA
CryptHashData
RegCreateKeyExA
CryptGetHashParam
GetUserNameW
RegDeleteValueA
CryptAcquireContextW
CryptCreateHash
RegCloseKey
DuplicateTokenEx

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE