638a058b6536d012fd2f776f15f26f97 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

638a058b6536d012fd2f776f15f26f97
Size

8.9MB
MD5

638a058b6536d012fd2f776f15f26f97
SHA1

3811946d28fbc000d4a0d4bd550c2b415c1f9f83
SHA256

84ba6a682214dd2dc2f2d4b2b9d57dc491f4ed96f8a9a257707b6327c5f1c34e
SHA512

307564f3e727b3776c3fb51b9206cc62e18085e65bc2276f4bc3a744055f6d65fa8ecc3dc6a5e8193bca78351305a94cf7e9171ad8d04d91526b7946a2927fae
SSDEEP

196608:I7ioiSrLjAgVf3vaDi4Ow5I1mN/9uNhy2v84Gje3aOR2/YLqi:IwuXAglvaDi4O0I1mN/J2BGK3a02yT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
638a058b6536d012fd2f776f15f26f97

Files

638a058b6536d012fd2f776f15f26f97
.exe windows:4 windows x86 arch:x86

a52150260066d3d1529c887a65617b97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
LockResource
LoadResource
FindResourceA
CloseHandle
SizeofResource
WaitForSingleObject
lstrlenA
DeleteFileA
lstrcatA
lstrcpyA
GetModuleHandleA
GetCommandLineA
FreeResource
CreateProcessA
GetTempFileNameA
GetTempPathA
lstrcmpiA

user32

LoadStringA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 4KB - Virtual size: 897B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ