68645638c0e2d76f908b0fd4a6f34674 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68645638c0e2d76f908b0fd4a6f34674
Size

693KB
MD5

68645638c0e2d76f908b0fd4a6f34674
SHA1

ce9f8e9b7439612810336b456d41cd6487f51ed1
SHA256

bdc29ede2926e002100336914ff7d3a40ecf27d642a5443b36a1e3e21210598e
SHA512

338635be1c5994af0e9f56369eaaedb977e08640651c6379e0b31a74558802d78dead8e0ac08dde6925f5d2b476639815c7d4e518b2fc8cc38eed22bbb6eb2bf
SSDEEP

12288:nXc0jhBUbSQ/Z6y26yEZUReFIXSg01GYk11gvTWyO5Usl/:MIBUbSA7BQYWnHUsl/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68645638c0e2d76f908b0fd4a6f34674

Files

68645638c0e2d76f908b0fd4a6f34674
.exe windows:4 windows x86 arch:x86

eb69f008215fd28300274bfcb8c14209

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
GetVersion
CreateEventA
lstrlenA
LocalFree
lstrcpyA
GetTickCount
GlobalFree
GetCommandLineA
GetLastError
GetStartupInfoA
lstrcatA
GetVersionExA
GlobalAlloc
GetFileSize
CloseHandle
Sleep

gdi32

ExtTextOutA
DeleteObject
BitBlt
SetBkMode
GetTextExtentPoint32A
GetTextMetricsA
PatBlt
CreateFontIndirectA
GetStockObject
LineTo
GetPixel
GetObjectA
CreateSolidBrush
SetROP2
CreateCompatibleDC
GetDeviceCaps
MoveToEx

msvcrt

__set_app_type
toupper
wcschr
_exit
exit
_XcptFilter

user32

DefWindowProcA
GetFocus
DestroyWindow
ScreenToClient
MessageBoxA
TranslateMessage
LoadIconA
PostQuitMessage
EndPaint
DialogBoxParamA
ShowWindow
EndDialog
CreateWindowExA
GetMessageA
GetClientRect
GetWindowRect
SetFocus
BeginPaint
SetWindowTextA
GetSysColor
DispatchMessageA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 686KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ