44d7474976a9211a3b296c0d051966bb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44d7474976a9211a3b296c0d051966bb
Size

183KB
MD5

44d7474976a9211a3b296c0d051966bb
SHA1

7893c4344ccf300dd239a714a4d1ef6333b14306
SHA256

b3f985cd656c886a0d5b4aaf4ea91697e59d19a5dab5f93c7f5d9d9a00cc6dde
SHA512

7e2fdb59f5b9afa50ad0ee1abff96035c62adb0017928cd576c35991cf7d3600d7b7e42698383f654f69b52c6276afefa97d64c22e14b7aa03556e2a22b0015c
SSDEEP

3072:ABsTzlF9ryyreHTGnVn5ksyOdzaYifJXjABFT8AkYOqcAfOes1mWFkUM:xz9r9ez+5ksy558FThORgt0PR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d7474976a9211a3b296c0d051966bb

Files

44d7474976a9211a3b296c0d051966bb
.exe windows:4 windows x86 arch:x86

1c981d545eec49a7b602f40819fa3d0b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupW
PathIsUNCW
SHRegGetValueW
PathSkipRootW
PathGetArgsW
PathFindFileNameW

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

InterlockedExchange
GetCurrentDirectoryW
GetCalendarInfoW
SearchPathW
SetEnvironmentVariableW
GetCurrentProcess
GetCurrentThreadId
GetModuleHandleA
VirtualQuery
GetModuleFileNameW
OutputDebugStringA
LocalAlloc
MultiByteToWideChar
GetModuleHandleW
SetLastError
CreateDirectoryW
GetFileAttributesW
GetLastError
EnumResourceNamesA
DuplicateHandle
LocalFree
InitializeCriticalSection
FreeLibrary
lstrlenW
WideCharToMultiByte
ExitProcess
GetProcessId
GetProcAddress
OutputDebugStringW
lstrcmpiW
GetFileInformationByHandle
VirtualProtect
Sleep

ole32

CoGetDefaultContext
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoTaskMemFree

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ