50f7e0531b35f181ce0818b7b6db7fb8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

50f7e0531b35f181ce0818b7b6db7fb8
Size

423KB
MD5

50f7e0531b35f181ce0818b7b6db7fb8
SHA1

b20163e6a2f3f1dfb1cee755eba6bb6ff0fa3186
SHA256

8b03e9f73ca7c8c803d8dfa2a24e985cca38a38a5f77175a729a2087290e63c7
SHA512

9cf37fb8496458cb5f30eef59b902b459da228e55acc6b64c1b8e7fe8c9527df49f53e8af0452b637d03fd84c18de91216b52262a6af421f727d69c86d8142b4
SSDEEP

6144:jUnuIJZAYZRckQzuZ8tStMJWacBS1mWrhu/W8B3r9OFTuz7W3hGlpyHaShijcG3z:jUuIJb58iMLIS4WrhujvOdOyCkf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
50f7e0531b35f181ce0818b7b6db7fb8

Files

50f7e0531b35f181ce0818b7b6db7fb8
.exe windows:4 windows x86 arch:x86

e8a212d7e37e1eb2d149439f2c0112d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
WaitForMultipleObjects
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
GetPrivateProfileIntW
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
GetLongPathNameW
EnumCalendarInfoW
SetThreadIdealProcessor
InterlockedExchange
RtlUnwind
MapViewOfFileEx
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
ExitProcess
OpenFile
GlobalAddAtomW
SetConsoleMode

shell32

ShellHookProc

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ