44f85099676ee1a4add4b1f6903dafaf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44f85099676ee1a4add4b1f6903dafaf
Size

59KB
MD5

44f85099676ee1a4add4b1f6903dafaf
SHA1

290d33efedd0281021940eba1d60a2091a991d0e
SHA256

67538f38d7ce002f6cd549a6cebaaf97c9d0ee217a78a11008c2e435c8567441
SHA512

642b9b811833358cd9cc332ce3d465b7fb4dd91da58aac9f3d9315a964d648a3afcc9349e95bbdad293c87a59b4ba7e331c339c246df030426647092984d8eac
SSDEEP

1536:PYgXNdAkXYcIHGBTbg2Oaq5Damg6nEasq3kNKSAQ0Q:QCNdAkXYTmVdOaX6nEasekiJQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44f85099676ee1a4add4b1f6903dafaf

Files

44f85099676ee1a4add4b1f6903dafaf
.exe windows:4 windows x86 arch:x86

5da8040a66bf5e5f3b1213bdb36628ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetKeyboardState
SetThreadDesktop
GetWindowLongA
GetDlgItemTextA
PeekMessageA
GetClassNameA
GetWindowTextA
ExitWindowsEx
GetClipboardData
SetProcessWindowStation
CharLowerBuffA
GetIconInfo
GetDlgItem
ToUnicode
LoadCursorA
DrawIcon
DispatchMessageA
GetForegroundWindow
FindWindowExA
MsgWaitForMultipleObjects

advapi32

RegEnumKeyExA
DuplicateTokenEx
GetUserNameW
RegCreateKeyExA
CryptHashData
CryptGetHashParam
CryptAcquireContextW
RegDeleteValueA
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
RegCloseKey

shlwapi

PathCombineW
PathFindFileNameW
wnsprintfW
PathFileExistsW
PathMatchSpecW
PathRemoveFileSpecW
wvnsprintfA
wvnsprintfW
StrCmpNIA
SHDeleteKeyA
StrStrW

kernel32

GlobalUnlock
GetSystemTime
VirtualAlloc
VirtualProtect
CreateFileA
lstrcpynW
ResetEvent
GetFileTime
lstrcmpiA
GetModuleFileNameA
GetFileAttributesW
GetFileSizeEx
GetLocalTime
GetModuleHandleA
CreateThread
SetFilePointer
CloseHandle
CreateMutexW
GetCommandLineA
lstrcmpiW
lstrlenA

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE