5399dedc0d6f8eb4ea78aabb19e33dd8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5399dedc0d6f8eb4ea78aabb19e33dd8
Size

11KB
MD5

5399dedc0d6f8eb4ea78aabb19e33dd8
SHA1

24f54059b6fafec55851dcdfd4e80a0ad796f24a
SHA256

5ec6fd883bc0b0260bf9a47e56c81db2df3c585e124deca2c0e57f880a3df633
SHA512

6b6fed4ab5a6c446549e3597f39fcff7bf5f324df1f3f1736b505a8fb84dfd9c5a5eb40167a6d158e23d6da343e0c6eb89e0f8de41b64327e0f9c40380df46ef
SSDEEP

192:dsnwQ9HWnF8czr0so7RWMGz1Rtc1GKy+2ePVY68pVEdiCFGZScZUPmnxE0Ro4/v:6D99cXo8MyTKyXsbelvxE0Rokv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5399dedc0d6f8eb4ea78aabb19e33dd8

Files

5399dedc0d6f8eb4ea78aabb19e33dd8
.exe windows:4 windows x86 arch:x86

b4794217828654930726c24c0b93e62c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LoadLibraryA
DeleteFileA
GetCurrentProcess
GetProcessHeap
PulseEvent
FreeLibrary
GetModuleHandleW
GetProcAddress
CloseHandle
VirtualQuery
InterlockedExchange
ExitProcess
GetModuleHandleA
GetCommandLineA
HeapAlloc
HeapFree
WriteFile
OpenProcess
CreateFileA
GetFileAttributesA
GetTempPathA
TerminateProcess
Process32First
CreateToolhelp32Snapshot
CompareStringA
VirtualAlloc
HeapReAlloc
RtlUnwind

user32

wsprintfA
CharToOemA
MessageBoxA
ExitWindowsEx
AnyPopup
ShowWindow
GetForegroundWindow

advapi32

RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE