529fb285a6a9d37f70576acdb759894d | Triage

Sharing

General

Target

529fb285a6a9d37f70576acdb759894d
Size

75KB
MD5

529fb285a6a9d37f70576acdb759894d
SHA1

01931435296d59a4da1e1bd7f3b5f7ba4847fc7c
SHA256

7942de7938738bd41e9304852a621c94f015e557beb0d55c38be4771910e70fa
SHA512

e0507fc8ce65b211cdce94b595569d866c4637a541d4d8339d7d1439972f69eaed4581003f3453e6038ddfba7ba61ab703d8e848942e8f13da8bc4d2d40d16bf
SSDEEP

1536:vX1pGScUbJF9tzm21eTSW2wQ0/e8Q31V:fySzbJTtn13W2wQUQ31V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
529fb285a6a9d37f70576acdb759894d

Files

529fb285a6a9d37f70576acdb759894d
.exe windows:4 windows x86 arch:x86

98e2354cc48064aebea2f08dc2706377

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegOpenKeyExA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegSetValueExA

user32

GetDesktopWindow
wsprintfA
GetWindowRect

ole32

StringFromGUID2
CoCreateGuid

ws2_32

WSAStartup
WSCUnInstallNameSpace
WSAGetLastError
WSCInstallNameSpace

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrcpyA
DeleteFileA
GetTempPathA
CloseHandle
GetVersionExA
GetModuleFileNameA
GetSystemDefaultLangID
ExitProcess
CreateFileA
FindResourceA
lstrlenA
lstrcpynA
LoadResource
ExpandEnvironmentStringsA
WriteFile
WideCharToMultiByte
Sleep
SizeofResource
lstrcatA
MultiByteToWideChar
VerLanguageNameA
GetTempFileNameA
LockResource
RtlUnwind

shell32

ShellExecuteExA
SHFileOperationA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ