73298dbf964c3c804ef1125836371785 | Triage

Sharing

General

Target

73298dbf964c3c804ef1125836371785
Size

385KB
MD5

73298dbf964c3c804ef1125836371785
SHA1

745aac0dc7e7758e95f88d3960cb5a41436e1d5c
SHA256

b4b19c91033a45c9cd1cc39fa7f5423620bfa0147be336541611adfc6b3103f6
SHA512

6b2449dfc5734068d5e7e0e5f807ad6f6ed99dfcd9a00ff433dcabc21f793529bcd24f23494628886a6b33ca7e158f78ca391da429cdba50e64c986abb414d10
SSDEEP

6144:umvPf5FodyI48wc/ldVdpCBdXavGKVYynUclfqp3L0TpJCccXAismtFD:uMFKycwc9vm+HYSVqBL0tgzUm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73298dbf964c3c804ef1125836371785

Files

73298dbf964c3c804ef1125836371785
.exe windows:4 windows x86 arch:x86

7846bbba937a800c4fa657a155cc5861

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
CreateNamedPipeW
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
ExitThread
WriteFileEx
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
FileTimeToLocalFileTime
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
GlobalGetAtomNameW
CreateMailslotW
lstrcmpi
InterlockedExchange
RtlUnwind
GetCommandLineA
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
GetDriveTypeW
GetWindowsDirectoryW
GetLastError
MoveFileA
ExitProcess
GetTickCount

user32

SwitchDesktop
HideCaret
IsDlgButtonChecked
DdeReconnect
SetCursorPos
CallNextHookEx
ReuseDDElParam
RegisterClipboardFormatA

Sections

.text
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ