5b45801720b7f171d54064dab42a51db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b45801720b7f171d54064dab42a51db
Size

132KB
MD5

5b45801720b7f171d54064dab42a51db
SHA1

4e9412b7f19ad008bcd7db8248f602c44624a9d7
SHA256

a0412d3ce07273f8e8ec3e7962d55b6cd7fd7200e86f354780cc435b1ba2ba65
SHA512

3fefdadce81ae4fbac67ecb8c681f8d0ee80e49f1ba8c21d3b95ba679ffa17ad5ed0f6be134e7c30479aeaec5576ffbdaa14d375fe737525d4d3548066dc7578
SSDEEP

3072:xuZonTOZapRkgCkZYdpECr0z0cgz9TneFOR7:xuZopJZYvE7z0cOmO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b45801720b7f171d54064dab42a51db

Files

5b45801720b7f171d54064dab42a51db
.exe windows:4 windows x86 arch:x86

d09efab96c7944f5118ac653bc2ba789

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FillConsoleOutputAttribute
DeleteTimerQueue
InterlockedExchangeAdd
BackupSeek
GetProfileStringA
GetCommandLineA
EraseTape
InterlockedCompareExchange
GlobalFree
ResumeThread
OpenWaitableTimerA
FindVolumeMountPointClose
GetPrivateProfileSectionNamesA
UTUnRegister
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

data
Size: 8KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ