45839e83099ba4fd5fb562feefc2616d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45839e83099ba4fd5fb562feefc2616d
Size

67KB
MD5

45839e83099ba4fd5fb562feefc2616d
SHA1

00e7263da64e8d30a77571c4e19bfe5071865c95
SHA256

c265eaa11213dc44c9232272f6822652dcb3fff60d91d142a785f5fdad1b2202
SHA512

418d06ef3379de2196e1880ac8fa2afab97e46b7284ae1a9b10bad28599743f951ddb993e378840d819ae7dc7ddeb6b52f395a8996805cd12d32c0d6f3fc0914
SSDEEP

1536:iBdT+jo8JeLMcEWU2Im5De974UCzM9pcesVfUKqYNmxbeR1KQ3:SF+aQ0Gm5i94CpcbhUYKwt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45839e83099ba4fd5fb562feefc2616d

Files

45839e83099ba4fd5fb562feefc2616d
.exe windows:4 windows x86 arch:x86

ff6fcbb8c85558abbdc57fa6f68c78d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
CreateFileA
VirtualAlloc
lstrlenW
MulDiv
GetFileTime
WideCharToMultiByte
VirtualProtect
ResetEvent
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
GetFileAttributesA
GetFileSizeEx
GetFileAttributesW
CreateThread
lstrcatW
GetTickCount
FindClose
lstrcpyA
lstrcmpiA
MultiByteToWideChar
GetProcAddress
SetEvent
HeapAlloc
GetVersionExW

advapi32

RegDeleteValueA
CryptCreateHash
GetUserNameW
RegCloseKey
RegQueryValueExA
CryptGetHashParam
RegSetValueExA
CryptHashData
CryptDestroyHash

shlwapi

PathFindFileNameW
StrCmpNIA
PathMatchSpecW
wnsprintfA
wnsprintfW
PathCombineW
wvnsprintfA
StrCmpNIW
PathFileExistsW
SHDeleteKeyA

user32

GetForegroundWindow
GetIconInfo
SetProcessWindowStation
PeekMessageA
FindWindowExA
GetCursorPos
SetThreadDesktop
ExitWindowsEx
MsgWaitForMultipleObjects
OpenDesktopA
CloseDesktop
GetWindowThreadProcessId

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE