47778724ca30b48a8de2316f7a454fc2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47778724ca30b48a8de2316f7a454fc2
Size

514KB
MD5

47778724ca30b48a8de2316f7a454fc2
SHA1

f48da76d3217f7eb7d1be3cd892d44a53ceb199c
SHA256

9c787f5753325204b5fa674bbbcc4c515c276bdcee0e0656abf0bc8a23492b82
SHA512

9b09bc0f494a67e94cf8e3b16e9ac4f94a9c639ebe5f12e3eae91e7bf6e9272524ddae7d7ec1fe42a902c3cb61c5614e91dce1b54cbbaffcdb0d74ac823afd92
SSDEEP

12288:KZpy37z/+akbh7tmEOyKX2HTymyYNVarDnCf8MuI++:+Fakbh7MFmz4Yfaqf88H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47778724ca30b48a8de2316f7a454fc2

Files

47778724ca30b48a8de2316f7a454fc2
.exe windows:4 windows x86 arch:x86

41ec2c8c404762f724a66dd2bc7d2030

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetThreadDesktop
GetClipboardData
GetWindowTextA
GetIconInfo
MsgWaitForMultipleObjects
OpenDesktopA
GetMessageA
GetCursorPos
ToUnicode
CharLowerBuffA
GetDlgItemTextA
EndDialog
SendMessageA
GetWindowLongA
SetProcessWindowStation
OpenWindowStationA

kernel32

VirtualAlloc
FindFirstFileW
GetCommandLineA
CreateFileA
CreateProcessW
FindNextFileW
VirtualProtect
SetFileTime
FindClose
lstrlenW
GetFileTime
CreateEventW
SetEvent
GetSystemTimeAsFileTime
lstrcpyW
SetFilePointer
GetFileSize
CloseHandle
GetFileAttributesW

shlwapi

PathMatchSpecW
wnsprintfW
PathFindFileNameW
StrStrW
StrCmpNIA
SHDeleteKeyA
wvnsprintfW
wnsprintfA
PathRemoveFileSpecW
StrCmpNIW
wvnsprintfA

advapi32

CryptGetHashParam
RegEnumKeyExA
RegCreateKeyExA
DuplicateTokenEx
RegQueryValueExA
CryptHashData
RegSetValueExA
CryptDestroyHash
GetUserNameW

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE