5670553e92100d302df0771769138a68 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5670553e92100d302df0771769138a68
Size

32KB
MD5

5670553e92100d302df0771769138a68
SHA1

b7c5cf7fbe13e4f363b7e3db521b98e6d2e173e9
SHA256

445c47d6601c579bcb3ad6b6c0fb54c919d885762d712f4d0cd6254dfeaec4ee
SHA512

cfcc722cc043b9655639c3978a871fe80850ab33b5897481faec809c31f7fd618eca7067dfd19dc560e00a71997e3b9ea6988d5759f6e3946e66ded5548feb49
SSDEEP

384:r4Om5uaWebzuqKhd2PA+cYzf0dfPwItQ/gvhJQ5086ds8gx9zIkbRV63KjoYl:xWuaWYFKvGcLfPw4QAha9FrzIzW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5670553e92100d302df0771769138a68

Files

5670553e92100d302df0771769138a68
.exe windows:4 windows x86 arch:x86

de4b56c7b77aa336cf45839802f7dd8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
CreateFileMappingA
RtlUnwind
GetSystemTime
GetTempPathA
OpenProcess
CreateFileA
DisableThreadLibraryCalls
GetTimeZoneInformation
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
InterlockedDecrement
FormatMessageA
InterlockedExchange
VirtualAlloc
GetLocalTime
MapViewOfFile
UnmapViewOfFile
GetLastError
VirtualProtect
GetWindowsDirectoryA
CreateProcessA
lstrcpyA
IsDebuggerPresent
GetFileSize
TerminateProcess
VirtualQuery
GetFullPathNameA
LCMapStringA
VirtualFree
GetModuleHandleA
ExitProcess
LocalFree
ReadFile

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ