642ee841ac86badb738841c624e59644 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

642ee841ac86badb738841c624e59644
Size

340KB
MD5

642ee841ac86badb738841c624e59644
SHA1

4a34aac9af6e06f4b357d85d2e1b7f00540374ef
SHA256

d0f2f2230a61f8245eb609c3528350c966bcf1ce2fd9e554b5156c62b49cc5ce
SHA512

200377a7dcfec08b52c5cbb11f600d2b0faa8be3fb14717f5c11bab1827f845b4db25462310fce1bf7405e6623962753b8ed8be0b821734c42e5ad2575c4d4db
SSDEEP

6144:GK6ppbSGpKkzYcOGctpYLjP/ccndENDE64oCsE6NlkcRLSuC+A:z6ppXpKP6X6+oCsEQ+4S5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
642ee841ac86badb738841c624e59644

Files

642ee841ac86badb738841c624e59644
.exe windows:4 windows x86 arch:x86

be2de5058725071665dc32e3c27c4e9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
HeapCreate
GetTimeFormatA
HeapDestroy
IsDebuggerPresent
ResumeThread
FreeConsole
GlobalSize
GetUserDefaultLCID
InterlockedExchange
GlobalMemoryStatus
VirtualProtect
WaitForSingleObject
GetSystemTime
GetTapeStatus
GetCommandLineA
GetACP
GetModuleHandleA
GetOEMCP
PeekConsoleInputA
GetCurrentProcessId

user32

GetCursorPos
ReleaseDC
GetFocus
AnyPopup
ShowWindow
wsprintfA
GetParent
GetClassNameA
DrawTextA
BeginPaint
GetWindow
FrameRect
GetTitleBarInfo
CreateIcon
DragDetect
GetDC
SetForegroundWindow
EndPaint
FillRect

ntshrui

SetFolderPermissionsForSharing
GetNetResourceFromLocalPathA
IsPathSharedA
IsFolderPrivateForUser
GetLocalPathFromNetResourceA

msutb

GetPopupTipbar

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 840KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ