52a796a24033f7c2316267d756308352 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

52a796a24033f7c2316267d756308352
Size

84KB
MD5

52a796a24033f7c2316267d756308352
SHA1

a571642f02f961ecf12f7e666361cb3d066d7e45
SHA256

e77fe3ccd80036bd119208a16b103d81c6e267cc4103931bf7808f1cb07bd0f5
SHA512

e4a3ab076608f8e4295388b062d03cb9f45ccf382c18c42374c2511377442e903052b0cc99615da48c821dbf117b902f304091221845c0f0b72235cac5b36cf9
SSDEEP

1536:/ozQpQ5EP0ijnRTXJgff0EumfUq2Qmc27uIqC:/ozQIURTXJ2Uq2Qv2yM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52a796a24033f7c2316267d756308352

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

52a796a24033f7c2316267d756308352
.exe windows:5 windows x86 arch:x86

fde8fc6d89a103269a91db9a550eb922

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
wcscpy

kernel32

GetExitCodeProcess
GetCommandLineW
GetStartupInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
FindResourceW
SizeofResource
LoadResource
LockResource
GetTempPathW
GetTickCount
CreateFileW
WriteFile
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryW
ExitProcess
Sleep
DeleteFileW
GetProcessHeap
WaitForSingleObject
CreateProcessW
HeapAlloc
GetStartupInfoW

user32

wsprintfW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ