485f72a32aa38f339d1efe3569c0d166 | Triage

Sharing

General

Target

485f72a32aa38f339d1efe3569c0d166
Size

167KB
MD5

485f72a32aa38f339d1efe3569c0d166
SHA1

2d34697939750c1d7d611ca9d1c8a1b6b8dcf805
SHA256

1fa145ba7156afaba974606f402dbb9ea99e58f7c1dea0a6a735fecbe084fe6b
SHA512

ce440326d38d08e51cc3a37aee13da03efb59d180d92183912040621fbc6b2da3ac229d8d9afa1924122631d2c0bc1a1cd48d2927cc61ad2818a5e71e5197e8e
SSDEEP

3072:Y8mMQhHbZWg+jOUhJetoD/11H5zu/Il+U78AGF8qbi7HCq/78ZL0vMu:0MQqg+jOPQ11HI/nOVqmrzYU5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
485f72a32aa38f339d1efe3569c0d166

Files

485f72a32aa38f339d1efe3569c0d166
.exe regsvr32 windows:4 windows x86 arch:x86

7daa3b468406a202816f9f23726863fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32FirstW
_lread
ReadConsoleOutputW
SetConsoleCtrlHandler
SetHandleInformation
SetProcessWorkingSetSize
SetEnvironmentVariableA
ReadConsoleOutputAttribute
ResumeThread
CloseHandle

ole32

CLIPFORMAT_UserUnmarshal
CoImpersonateClient

gdi32

GetStockObject
EnumObjects
GdiAlphaBlend
GetTextColor
RestoreDC
GetTextCharacterExtra

msvcrt

memmove
vfwprintf
_utime
_unloaddll
_cprintf
_getpid
_safe_fprem

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ