480b658de04f5f1bd8b59c5580a3635f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

480b658de04f5f1bd8b59c5580a3635f
Size

320KB
MD5

480b658de04f5f1bd8b59c5580a3635f
SHA1

28870a4e866993be183f9acb1feb72695f6e8fc5
SHA256

c1c9e11df9fc4ec9ab0f1359f73fe3337191d1c8b352498300e5fee1f353c4de
SHA512

de3194face8da624586a198edccea1741a8cfb6aa0552469d441a942612df34ae1c16e71670175f752a578e7598e7d5cdc58dba266ad7b4f1bb66ff12b956651
SSDEEP

6144:KkuThnrGRql5u7toNWPGvVn1qp2fw6r+0qBDwAB2s8Pdw9AjQ1HdAcdfppae1:f+hyRaQiWo1qpR6IDz6deqeaO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
480b658de04f5f1bd8b59c5580a3635f

Files

480b658de04f5f1bd8b59c5580a3635f
.exe windows:4 windows x86 arch:x86

c42bf4107481f4960a34f220d5944482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

shell32

ShellExecuteA

Sections

CODE
Size: 306KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE