5b5abc7c6b38951e27056989a79ef99d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b5abc7c6b38951e27056989a79ef99d
Size

174KB
MD5

5b5abc7c6b38951e27056989a79ef99d
SHA1

9867c6202aef8375a46288b5f67c683084615237
SHA256

aa09dd5e9132a84435a7989e05919d7569fbc5398c8768072f48ef2bd209e535
SHA512

cf5cf9d4807c9751a82c3cc46f94fade9593f6cb1d12f9dd99333b38a22e1c1eeee89e12170dfa7ed436c2a91b41566cec9e42cf8d03f6f7f987d419dd2728be
SSDEEP

3072:RRMgOO6HpBZKcmzqjq+Xks7RqE7mcH2pInfBNtEkBaPigdv3DcBSjaLCYLJl:AbrMlq++XCE7DH2p0fBNXaPigVceaWYd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b5abc7c6b38951e27056989a79ef99d

Files

5b5abc7c6b38951e27056989a79ef99d
.exe windows:4 windows x86 arch:x86

d1d1187d8e0bd41ebdbc979ca4b98811

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mciSendCommandA
sndPlaySoundA

setupapi

InstallCatalog
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shlwapi

PathAddBackslashA

oleacc

LresultFromObject
CreateStdAccessibleObject

kernel32

lstrlenA
GetAtomNameW
InterlockedCompareExchange
SetUnhandledExceptionFilter
InterlockedExchange
UnhandledExceptionFilter
CreateProcessW
GetACP
GetModuleHandleW
GetCurrentThreadId
LocalAlloc
Sleep
GetSystemTimeAsFileTime
GetLocaleInfoW
EnumResourceNamesA
GetTickCount
GetCurrentProcessId
QueryMemoryResourceNotification
lstrlenW
IsDebuggerPresent
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoW
RaiseException
GetEnvironmentVariableW
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetThreadLocale

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ