436531fa5dd2c450b2296d140c3c184f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

436531fa5dd2c450b2296d140c3c184f
Size

242KB
MD5

436531fa5dd2c450b2296d140c3c184f
SHA1

3a165088e6c1978d9ebb65661de16b55bdb743a4
SHA256

e286c852f9bd948fbaba32dac9b5243c6b8045bd028d9079bd5e0f14a10380ed
SHA512

afe1b83e44ec25f59263f9c767be62bb9a91ab91e171e13600c48da680426aaeae5a4a274b9ed98038f4c704375bbaeaac3b86386261254e3ead8f6dec2996ec
SSDEEP

6144:oq/yRTJ1DfRLh1JHv6mRWmT0l7xilaiwOGZPe2mOH:z/wbzRZSA+ijOBH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
436531fa5dd2c450b2296d140c3c184f

Files

436531fa5dd2c450b2296d140c3c184f
.exe windows:4 windows x86 arch:x86

41c0fc924ab925e88a4755de67fbd6e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
RegCloseKey
RegSetValueExA
RegDeleteValueA
GetUserNameW
RegEnumKeyExA
CryptGetHashParam
CryptDestroyHash
CryptHashData

user32

EndDialog
SetProcessWindowStation
FindWindowExA
GetCursorPos
GetMessageA
GetKeyboardState
GetIconInfo
GetDlgItemTextA
GetClipboardData
GetWindowLongA
OpenWindowStationA
SetThreadDesktop
DispatchMessageA
CharLowerBuffA
DrawIcon
GetClassNameA
ExitWindowsEx

kernel32

VirtualAlloc
WideCharToMultiByte
CreateProcessW
GetFileSizeEx
CloseHandle
InitializeCriticalSection
GetTickCount
GetFileAttributesW
SystemTimeToFileTime
Sleep
VirtualProtect
GetModuleFileNameA
SetFilePointer
HeapAlloc
lstrcpyA
GetUserDefaultUILanguage
OpenMutexW
lstrcpyW
SetFileTime

shlwapi

wnsprintfW
wvnsprintfA
PathRemoveFileSpecW
wnsprintfA
StrCmpNIA
PathFindFileNameW
StrCmpNIW
PathCombineW
SHDeleteKeyA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE