46aba4f64f4caf2a73cacc526c652c31 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46aba4f64f4caf2a73cacc526c652c31
Size

265KB
MD5

46aba4f64f4caf2a73cacc526c652c31
SHA1

e8d5a086dcfbc4ce6ded80fd22d1f2d2a0134820
SHA256

006bc2d11da5a6559b373e08e71a01a79d3cb7f9674155c1a63e13cf85d7510e
SHA512

c7112835e94bc554fc65ec7923807fc1f04ca219f5c973aeed9a99a9a5e4861687a79c5e82756d8ca9d451b00623c16d808761ea4ff493739e0a462a6c8adc6d
SSDEEP

6144:BkoDG6Y/jQuJMtRLqhcGaJKMtohkaFlkchTBoPr:B5Dy7Qu6uf+oaaFlkIar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46aba4f64f4caf2a73cacc526c652c31

Files

46aba4f64f4caf2a73cacc526c652c31
.exe windows:4 windows x86 arch:x86

56810f0e95c122d400761b3d70a11bd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

TlsFree
TlsSetValue
GetVersionExA
VirtualAlloc
GetVersion

rpcrt4

RpcStringFreeA
RpcBindingInqOption
RpcBindingInqAuthClientA

user32

LoadCursorA
SetCursorPos
GetCursorInfo

comctl32

ImageList_Destroy
ImageList_Create
ImageList_AddMasked

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

WriteQofmhkohg
WriteCqxjxiqakol
AddCimlblte
EndGoybnarlgsw
Fxehngyi
Oklmkbdvl

Sections

.text
Size: - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ