65cad4583da24a397d110d7881796dc7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65cad4583da24a397d110d7881796dc7
Size

88KB
MD5

65cad4583da24a397d110d7881796dc7
SHA1

eb4e8fe2390ad91f26dfcf03dc27690a4c7aa8d7
SHA256

ec029a122f6cd114ed93071652b088e2e9c8b5e764c63080b7d6746ea8d16e70
SHA512

0dc2d38eb768135ad53805c487aab3e3ba6945ca650663eeac7777e9d6a710c9a4beb38aeb0e874f903c9343cfc639b4dfd4034ca395175b0c2d35e8ebe62348
SSDEEP

1536:AOU6CCdVuUB24Ngwy6SogaaQg2Qz+lJG42rgw:LTCCuS24NfyogaaQdQzt428

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65cad4583da24a397d110d7881796dc7

Files

65cad4583da24a397d110d7881796dc7
.exe windows:4 windows x86 arch:x86

86f65baf0779a6772fb5dadd1541f50d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetCommandLineA
FreeConsole
GetDriveTypeW
GetDiskFreeSpaceExW
FindClose
IsBadReadPtr
EnumResourceTypesA
SetLastError
PulseEvent
GetLastError
VirtualProtect
GetModuleHandleA
TlsGetValue
LocalFree
IsBadCodePtr
CloseHandle
LoadLibraryExA
DeleteCriticalSection
GetDateFormatA

shell32

SHGetDiskFreeSpaceA
ShellMessageBoxA
DllUnregisterServer
SHGetSettings
DragQueryFileA
SHGetMalloc
StrChrA
DragFinish
DuplicateIcon
DragAcceptFiles
SHFree
ExtractIconA
ShellAboutA

msasn1

ASN1BERDecEoid
ASN1BERDecCheck
ASN1BERDecDouble
ASN1BERDecBool
ASN1BERDecFlush

advapi32

RegCloseKey

Sections

.text
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ