46de70509055394d694ae3ad8122e45e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46de70509055394d694ae3ad8122e45e
Size

52KB
MD5

46de70509055394d694ae3ad8122e45e
SHA1

c8203668b47e119cabfc6e7d4fc29d1bd7e7cb71
SHA256

0bb0e6cd55af24c9579cf3c916cc03ac63e2a7fb6ab323eb3c0ae18207391388
SHA512

d3ed7ace851f7bb8d9d304d59899a3a061daf09de773733e1396b940311d7c3e5bf1d89b0c10f16e4d8ddf103ad2927c62251be4b9cbc62ebfff7ee318e6255f
SSDEEP

768:fRh6f9RaSsGPxTn2rcraMWNjQesvA4D1bM3SMM40TkdJeHZQvRUEqwtoJQl:ZE9ovGPRAL3LM40TWJECFqwail

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46de70509055394d694ae3ad8122e45e

Files

46de70509055394d694ae3ad8122e45e
.exe windows:4 windows x86 arch:x86

9fe685a31593cc30475b2767eb359264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConvertThreadToFiber
EscapeCommFunction
ExitProcess
GetProcessTimes
GlobalDeleteAtom
GlobalFlags
InitializeCriticalSection
QueryPerformanceFrequency
ReadDirectoryChangesW
SetFileApisToOEM
SleepEx

advapi32

BuildTrusteeWithNameA
ConvertSecurityDescriptorToAccessNamedW
CryptGetProvParam
CryptSetProviderExW
GetExplicitEntriesFromAclW
LookupAccountSidA
RegCreateKeyA
RegCreateKeyW
StartServiceCtrlDispatcherA
StartServiceCtrlDispatcherW

shell32

Control_FillCache_RunDLLW
Control_RunDLL
DllGetVersion
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFileA
RealShellExecuteW
SHAppBarMessage
SHEmptyRecycleBinW
SheSetCurDrive

gdi32

ColorMatchToTarget
CreateEllipticRgnIndirect
CreateHatchBrush
GetCharWidthA
GetCurrentPositionEx
PolyBezierTo
ScaleWindowExtEx
SelectClipPath
SetMagicColors

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE