Static task: static1
Behavioral task: behavioral1
Sample: 434819efa7e85f96846d0e1321037feb.exe
Resource: win7-20231215-en
General
Target: 434819efa7e85f96846d0e1321037feb
Size: 314KB
MD5: 434819efa7e85f96846d0e1321037feb
SHA1: 74b9f0acda25c3f0e12c61af16e8c411233034e9
SHA256: 7ecf7d8fa5929d384f20f57c49f8c79f5098794ff2708d28ccbcd36b3ec18136
SHA512: 7d6887de2e24dece35e3795fc170b3f6d0b455146f9b026d532675b6de93c0349af0d6eb85581ffdfb8531c42a5525cf1dd5585adf90c1a95c4b2292fcabbe18
SSDEEP: 6144:RYKTJjLj4XoC7Bf9gI/Kfto2xrLQrmZ2PpFHLM8mk:yqJgf6qeuEwrmAPfog
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 434819efa7e85f96846d0e1321037feb
Files
434819efa7e85f96846d0e1321037feb.exe windows:4 windows x86 arch:x86
5b21a7e9d476b732cf4e729cea1b9d7a
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  GetTimeZoneInformation
  TlsSetValue
  LCMapStringA
  HeapReAlloc
  OutputDebugStringW
  IsValidCodePage
  GetStringTypeA
  EnumSystemLanguageGroupsW
  LCMapStringW
  GetLocaleInfoA
  DebugBreak
  WriteConsoleW
  CompareFileTime
  OutputDebugStringA
  GetStringTypeW
  GetCPInfo
advapi32
  InitializeSecurityDescriptor
  IsValidSecurityDescriptor
  AddAce
  GetSecurityDescriptorLength
  LookupAccountSidA
  GetUserNameA
  QueryServiceStatus
  PrivilegeCheck
  SetSecurityDescriptorOwner
  DuplicateTokenEx
  RegOpenKeyExW
oleacc
  CreateStdAccessibleObject
  CreateStdAccessibleProxyA
shlwapi
  PathAddBackslashW
shell32
  SHGetMalloc
  SHChangeNotify
  SHGetPathFromIDListW
winmm
  sndPlaySoundA
Sections
.text Size: 94KB - Virtual size: 94KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 109KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 217KB - Virtual size: 216KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ