65e859e19bd78964058f46b40da78867 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65e859e19bd78964058f46b40da78867
Size

2.1MB
MD5

65e859e19bd78964058f46b40da78867
SHA1

ae749a52e14c88e1d6adc2fd379416fe05454175
SHA256

2de527e757c58d616d36b9c2b06a50ea254d2555075080cfd727d5f98bddf639
SHA512

882844fc3cc1aedc3113846d2e0aa6b6ea3159c2d31ddc305ecae83685b41563de7ca3cc34750076a6f31b88b5c1e1c675b27b901f43910e68247478c6900e5d
SSDEEP

49152:5QSSvOxu05N/1elo4b4DusAvbNf9fXwGgOUbci2t4gwQ8H:5N1edf96OaSFwQ8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65e859e19bd78964058f46b40da78867

Files

65e859e19bd78964058f46b40da78867
.exe windows:4 windows x86 arch:x86

10a00aee444e2dbb897a1165fd3d464c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileW
IsValidLocale
SetEvent
VirtualFree
HeapDestroy
FreeEnvironmentStringsA
TerminateProcess
lstrlenA
GetProcAddress
GetCurrentThreadId
SetLastError
SetFilePointer
FindClose
FileTimeToSystemTime
RemoveDirectoryA
GetLocaleInfoA
InterlockedIncrement
GetModuleFileNameW
LoadLibraryA
VirtualAlloc
RaiseException
GetSystemTimeAsFileTime
GetProcessHeap
CreateFileMappingA
LoadLibraryW
GetStdHandle
GetVersionExA
GetModuleFileNameA
SizeofResource
CreateFileA

advapi32

RegOpenKeyExW
RegSetValueExW
RegOpenKeyW
RegOpenKeyExA
RegCreateKeyExW
RegQueryValueExW

user32

MapWindowPoints
GetClientRect
TranslateMessage
PostQuitMessage
FillRect
GetSysColor
UnregisterClassA

aclui

CreateSecurityPage

msvcrt

memset
malloc
_XcptFilter

Sections

.text
Size: 1011KB - Virtual size: 1010KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 525KB - Virtual size: 525KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ