458e231ffef84ca6b372ae1d8ec50cd3 | Triage

Sharing

General

Target

458e231ffef84ca6b372ae1d8ec50cd3
Size

180KB
MD5

458e231ffef84ca6b372ae1d8ec50cd3
SHA1

f1ac4d88606f964da97d57ffeba89a63577f109d
SHA256

e429a527b6c00cdb778cce4df6aa9d481c8511fef78e3997c6132612736563e8
SHA512

3e5e518f49792a963c0ee191602e54db17731690a8e4ed9e7edc106a596ce24af298af7a1e9c8e9263680c60e7e604c6930550b66f1bb459ade7156f8b240770
SSDEEP

3072:4ajZj9VMfQmL7tGZALPcVazeuBvOoSDqRGhxPRjPV9ZLqukNLNMaqAVoTUt4FNW/:4KWQGtGZccMBvOoSDqRGPJDrs/NLN99x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
458e231ffef84ca6b372ae1d8ec50cd3

Files

458e231ffef84ca6b372ae1d8ec50cd3
.exe windows:4 windows x86 arch:x86

16aa6d2dfc0b06488c17b6da1e286c5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
lstrlenA
GetSystemTimeAsFileTime
MultiByteToWideChar
EnumResourceNamesW
LocalAlloc
WideCharToMultiByte
RaiseException
CreateProcessA
OpenWaitableTimerW
InterlockedExchange

shlwapi

PathFileExistsW

rpcrt4

NdrFixedArrayFree
UuidCreate

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ