4c95c9748a3e915c2363a2a71674b171 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c95c9748a3e915c2363a2a71674b171
Size

64KB
MD5

4c95c9748a3e915c2363a2a71674b171
SHA1

5c356fb5f5e3c7dde0699e22a40e1bb0243b283a
SHA256

fb02d4ff8d27b38b13f5bbd0af0b4c13139201eff74729a207f49a331c7908aa
SHA512

5d020c614c11ca9fcad84bb5bcac3dfc1a2c9f52ea8449cc6972f897648cbdab2620c1c5608bdf0b2ade5852a995ed7e76bf3a919ba307cf9310aa75caad596d
SSDEEP

1536:ldbtkynckAXOZfz4aLIhGF2e16t+EGD7SplppZ2M:lLkAcClUaLIhmpwtbGCL2M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c95c9748a3e915c2363a2a71674b171

Files

4c95c9748a3e915c2363a2a71674b171
.exe windows:4 windows x86 arch:x86

e312c80858c223cb824e4c7d1dc13575

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
GetUserNameW
RegEnumKeyExA
RegSetValueExA
CryptHashData
RegCloseKey
CryptGetHashParam
RegDeleteValueA
CryptCreateHash
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext

kernel32

SetFileTime
VirtualProtect
VirtualAlloc
WaitForSingleObject
lstrcpyW
GetVersionExW
CreateThread
HeapFree
GetFileAttributesA
ResetEvent
lstrcmpiW
GetUserDefaultUILanguage
LeaveCriticalSection
GlobalLock
GetFileTime
FindResourceW
lstrcatW
GetFileSize
FindClose
lstrcpynW
FindNextFileW

shlwapi

wvnsprintfA
PathMatchSpecW
StrCmpNIA
PathFindFileNameW
StrCmpNIW
StrStrW
wvnsprintfW
PathFileExistsW
PathRemoveFileSpecW
wnsprintfA

user32

GetWindowLongA
ExitWindowsEx
GetCursorPos
GetDlgItemTextA
OpenDesktopA
GetKeyState
SetThreadDesktop
SendMessageA
LoadCursorA
FindWindowExA
CloseDesktop
OpenWindowStationA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE