561f5e2100121a39bf82135737e2a1ec | Triage

Sharing

General

Target

561f5e2100121a39bf82135737e2a1ec
Size

17KB
MD5

561f5e2100121a39bf82135737e2a1ec
SHA1

1f633b5f78ee54bd36b334108323db9bb396292a
SHA256

7658163873df6a2ba6b9346e4dafe62ee3a5e2b33d0d350d8d119fad375f3e2f
SHA512

6eb6ebccc71cde068631d11a8c6a5ec1cc7b38576026e299563cc2557cdb50aafca9fa1c7c2f6f66838fab6912078e57b8f452d0b0003a816238e75340e48bbf
SSDEEP

192:68bj/vn9birv+DDFH5Eah6TbDvJVV/yMpYMpkz2sDMtBctyYUKu9:zXn9b9qaQnDEd9znDMtutyYw9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
561f5e2100121a39bf82135737e2a1ec

Files

561f5e2100121a39bf82135737e2a1ec
.exe windows:4 windows x86 arch:x86

f2a0e30819a6369c12610dbafaba2d54

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
SuspendThread
CloseHandle
GetAtomNameA
GetTickCount
GetSystemDefaultLangID
WaitForSingleObject
lstrlenA
LoadLibraryExA
VirtualProtect
InterlockedExchange
GetVersion
WaitForMultipleObjects
GetModuleHandleA
CompareFileTime
GetConsoleCP
GetCommandLineA
SetConsoleCP
HeapReAlloc
HeapCreate
GlobalUnlock

gdi32

GetMetaFileA
EndPath
GetStringBitmapA
FloodFill
BeginPath
CreatePalette
CreateFontA
Ellipse
GdiFlush
GetFontData
EqualRgn
GetMetaRgn
EngLineTo
DeleteDC
DeleteObject
GetTextColor
AbortPath
Escape
CreateICA
GetRgnBox

winmm

CloseDriver
PlaySoundA
auxGetVolume
auxSetVolume
OpenDriver

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ