598cb8fbb92eb164a1c062807f8f7dbc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

598cb8fbb92eb164a1c062807f8f7dbc
Size

312KB
MD5

598cb8fbb92eb164a1c062807f8f7dbc
SHA1

d32b6bc38cfd17e00dd8da1a49bc25267d756be3
SHA256

a624a8034171680cef5cf4226763e607496e99ec3689534f008bffd9cf76d309
SHA512

72ea64e4771eda1ce2883e2e99c5d9911252f7f850c17b7cae87ccdb5caee1e751611ed15cdbcfb210ec76920a43522ff1264c3859f44b8956d587086929ec7d
SSDEEP

6144:Cbn8YMs5a8nqK7eEvRoOY5Oka6Q2iH0699R2rF531xjk:In8FK7eEvyOY8kb/c4p91K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
598cb8fbb92eb164a1c062807f8f7dbc

Files

598cb8fbb92eb164a1c062807f8f7dbc
.exe windows:4 windows x86 arch:x86

6818bf577f140ed91b6f4ca0e3f0d85b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
TlsGetValue
GetOEMCP
CompareStringA
CreateMutexA
TlsFree
GetPriorityClass
SetEvent
GetConsoleCP
CreatePipe
IsDBCSLeadByte
CreateThread
GetStdHandle
VirtualAlloc
ReleaseMutex
GetUserDefaultLangID
GetShortPathNameA
GlobalFindAtomA
GetExitCodeThread
GetModuleHandleA
GetThreadLocale

user32

GetWindow
GetSystemMetrics
GetForegroundWindow
ValidateRect
GetActiveWindow
GetDC
GetWindowTextA
GetClassInfoExA
RegisterClassA
IsIconic
ShowWindow
GetFocus
CloseWindow
GetClassNameA
ReleaseDC
IsWindowVisible
InvalidateRect
GetWindowTextLengthA
ReleaseDC

shell32

SHChangeNotify
SHCreateShellItem
SHBrowseForFolderA
SHGetFileInfoA
SHGetFolderPathA

ntdsapi

DsBindA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ