5191a44f31ed97c7ba1ecd86afcc1a1b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5191a44f31ed97c7ba1ecd86afcc1a1b
Size

52KB
MD5

5191a44f31ed97c7ba1ecd86afcc1a1b
SHA1

3383f5b85290dbf6a6842d8950d9e55df1027779
SHA256

751a452b6f4844d08c8a95db04ac8dd891206b142807556e1f56e719f5d5869f
SHA512

33dd1bedac0bdbbc7b694cfce0e7430154edc069b22ff9ff6195e3c5eca95a38e1ddaa76fd4770656e15b861c0d62be40274889ba594c71bf2caab07b124e343
SSDEEP

768:LTper6/HGj4zkSGKFS1+V4CplV57zwCREjygL+Yb/LXFqb6PRnv17t2y1vvW:LUUH/GdPCplrkCREdL+YbjgW1TvW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5191a44f31ed97c7ba1ecd86afcc1a1b

Files

5191a44f31ed97c7ba1ecd86afcc1a1b
.exe windows:4 windows x86 arch:x86

343531edacdc08184e78d37ccf4b4498

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Beep
ExitProcess
GetCurrentThread
GetDiskFreeSpaceA
GetEnvironmentStringsA
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
Module32Next
OpenProfileUserMapping
QueryDosDeviceW
SetVolumeLabelW

advapi32

BuildTrusteeWithSidW
CryptEnumProviderTypesW
CryptSetProvParam
DuplicateToken
LookupAccountSidA
MakeAbsoluteSD
ObjectCloseAuditAlarmA
ObjectCloseAuditAlarmW
RegEnumValueA
RegQueryValueExW
RegUnLoadKeyA
SetFileSecurityW
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup

user32

CharNextExA
CheckRadioButton
ChildWindowFromPoint
DestroyMenu
FrameRect
GetClassWord
GetDlgCtrlID
GetUpdateRect
LoadImageW
RegisterDeviceNotificationA
SetDlgItemTextW
TrackPopupMenuEx
TranslateMDISysAccel
wvsprintfA

shell32

Control_FillCache_RunDLLW
DragQueryFileA
SHGetDataFromIDListW
SHGetDiskFreeSpaceA
SheRemoveQuotesA
SheSetCurDrive
ShellAboutA

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE