57d904e2637661ec7fdc76767b677936 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

57d904e2637661ec7fdc76767b677936
Size

157KB
MD5

57d904e2637661ec7fdc76767b677936
SHA1

59d5024e6065b75d6970955d048ceaa4556b6d10
SHA256

7b36b9933adbac4a73aa36b7b370c19c23607c1440aa1d5d621c991d6ba4d5eb
SHA512

7403aa96164af287ff1f13f20bfe0c0c89336f08c36780c8643861868b05887cba16fd315a43052c1a617d33385848ff5429c3ed831e8492e423d607acd18855
SSDEEP

3072:8uO4P41loBUkZ6QDTSVT91WQqn2jzLD9uOnmo0y6In8w0oK:jUkZ6QypXzqnwLh/mo5Z0o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57d904e2637661ec7fdc76767b677936

Files

57d904e2637661ec7fdc76767b677936
.exe windows:4 windows x86 arch:x86

8bdbe1c9f5274576ae1e11772cd51171

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CloseCluster

user32

EnumDisplaySettingsW

kernel32

InterlockedExchange
ReplaceFileW
UnhandledExceptionFilter
TerminateProcess
GetProcessId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
EnumResourceTypesA
GetTickCount
ExitProcess
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
GetCurrentThreadId
Sleep
GetCurrentProcess

advapi32

RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW

comctl32

InitCommonControlsEx

shell32

ShellExecuteW

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ