4c5b0d1f6a2405cc533f74b125fa9063 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c5b0d1f6a2405cc533f74b125fa9063
Size

64KB
MD5

4c5b0d1f6a2405cc533f74b125fa9063
SHA1

3e01f4244fe02c2c8ffb8ed23fe3e87f4d5da016
SHA256

64751c272b550b769a9534b0d45187231b7cc35d40bc3b4db427dcbbe3a09ccb
SHA512

f02f43ff37221d441c77a5231b9185b853e8dfb17f984b66f0460beb67702a3738db3d2c9cf6d679b7357e1b7f0d8c9c7d140ec69cb4a88cba250c436432bd75
SSDEEP

1536:n5zBwciAXlu/19wjf9H2Hg0iaD8LWwuFzETn8cJ1/Rg:n5TlWqjgA/czo/1W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c5b0d1f6a2405cc533f74b125fa9063

Files

4c5b0d1f6a2405cc533f74b125fa9063
.exe windows:4 windows x86 arch:x86

99f53a4aad99c5a02bd1d3ecb8d6695c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
LoadLibraryA
VirtualProtect
GetSystemTime
lstrlenA
GetCommandLineA
VirtualAlloc
GetFileAttributesA
OpenEventW
GetTickCount
GetModuleFileNameW
GetFileTime
Sleep
HeapReAlloc
CreateMutexW
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
lstrcpyA

user32

ToUnicode
FindWindowExA
GetWindowThreadProcessId
GetKeyboardState
DrawIcon
OpenWindowStationA
GetDlgItemTextA
LoadCursorA
OpenDesktopA
SetProcessWindowStation
GetDlgItem
EndDialog
GetWindowTextA
GetClassNameA
GetWindowLongA

shlwapi

PathFindFileNameW
wnsprintfA
SHDeleteKeyA
PathCombineW
StrCmpNIW
PathFileExistsW
wnsprintfW
StrCmpNIA
StrStrW
wvnsprintfW

advapi32

CryptHashData
CryptCreateHash
RegEnumKeyExA
RegDeleteValueA
CryptAcquireContextW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
CryptGetHashParam
DuplicateTokenEx
RegQueryValueExA

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE