5c44a071f731632d127227261baaf197 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c44a071f731632d127227261baaf197
Size

177KB
MD5

5c44a071f731632d127227261baaf197
SHA1

93624ff4ba4f1f32b2db008fbe6fd99084858538
SHA256

3c3789c07eec0c09f15927375b3fb71608a01c9eb183921d9c39c78a39feb290
SHA512

40802396fb3c4fe28488358ddb24f15f802e4da22d4b905d83a022323cfd6aa0945a89e6552c126fd29cfffeac534681d318beba7db90a0027fb55aa5160d89f
SSDEEP

3072:NFPzJiOI/uXX2IQO3FT4HBV836ixVe4ZojZMWutBSkaB8pP:XPzMOGuv9TIV83hbebjqWutBSka

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c44a071f731632d127227261baaf197

Files

5c44a071f731632d127227261baaf197
.exe windows:4 windows x86 arch:x86

a265de546f3fb10a6966b7367c9dad61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetDefaultContext
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CoUninitialize
CoTaskMemFree

kernel32

GetProcessId
GetCalendarInfoW
LocalFree
LocalAlloc
WideCharToMultiByte
InterlockedExchange
SetEnvironmentVariableW
GetProcAddress
GetModuleFileNameW
OutputDebugStringA
VirtualQuery
GetModuleHandleW
GetCurrentProcess
FreeLibrary
MultiByteToWideChar
GetCurrentDirectoryW
GetModuleHandleA
lstrcmpiW
EnumResourceNamesA
GetCurrentThreadId
SetLastError
GetLastError
InitializeCriticalSection
GetFileAttributesW
SearchPathW
VirtualProtect
CreateDirectoryW
DuplicateHandle
ExitProcess
lstrlenW
OutputDebugStringW
GetFileInformationByHandle
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

shlwapi

SHRegGetValueW
PathIsUNCW
PathSkipRootW
PathGetArgsW
StrDupW
PathFindFileNameW

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ