488214ccef4d2dbf4850ab6dcf8a39d5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

488214ccef4d2dbf4850ab6dcf8a39d5
Size

314KB
MD5

488214ccef4d2dbf4850ab6dcf8a39d5
SHA1

bded308ef174d92c4bbde63f06153d3c34d4b6b2
SHA256

ab9ad7cd47a5d1fa0493bdbc754d6cd20b095766715c8db8c5af94ce53d353eb
SHA512

9b0ce180d8729c8ff6953505bcf6d742b3e3833e9664d9638a5911d648a41f86f7a6b4b6232afd43440e0ca8a435b2ff0f9415cba6022fa2c5a7ff2e1e359f7f
SSDEEP

6144:shnUkVa3YHEImQ+MIw3EyDhKfjTeM2M0KrOrpCUoe75eqkI6lxW:Wnb/EISb+zajTJ2MhKpCU0qAx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
488214ccef4d2dbf4850ab6dcf8a39d5

Files

488214ccef4d2dbf4850ab6dcf8a39d5
.exe windows:4 windows x86 arch:x86

76995196c5f48d775f2936d252a7cdbb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

SetTimer
KillTimer
GetMessageA
CharUpperA
EnumWindowStationsW
PostThreadMessageA
PeekMessageA
CharNextA
LoadStringA

kernel32

QueryPerformanceCounter
GetCurrentProcessId
ExitProcess
FlushFileBuffers
GetModuleFileNameW
ReleaseMutex
ExitProcess
MapViewOfFile
CreateProcessW
GetExitCodeProcess
CreateFileMappingA
GetStartupInfoA
CreateMutexA
DuplicateHandle
UnmapViewOfFile

rpcrt4

RpcBindingFromStringBindingA
RpcStringBindingComposeA
RpcBindingSetAuthInfoA
NdrClientCall
RpcStringFreeA

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

advapi32

RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.venue
Size: 5KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ