737fe39a4d793f2304c227184c62751c | Triage

Sharing

General

Target

737fe39a4d793f2304c227184c62751c
Size

24KB
MD5

737fe39a4d793f2304c227184c62751c
SHA1

38853300434858cfb727fb6090f77d2b8a21f2a3
SHA256

ae7992dc07b987c849c31627a5997c1c9f196c665e6e0c89aa61b64b3179abb7
SHA512

decd2d042b08ebba5909f262b279ae85ea25b7d98dbd8553820f2f6db962428b78fc225ee762334849e885d576d0a3a67f67a58b2f09fd5579ee607f2181c919
SSDEEP

384:CNDvnOiK37AhlxKmFQp7h6AaaoXMypct5mAaKUk:CNjnOi4/tPaaoXTat5mnKUk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
737fe39a4d793f2304c227184c62751c

Files

737fe39a4d793f2304c227184c62751c
.dll windows:4 windows x86 arch:x86

1c8cd12127b8a54938b4a5ce678452ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetKeyState
GetKeyboardState
MapVirtualKeyA
VkKeyScanA
ToAscii
GetWindowTextA
EnableWindow
FindWindowA
FindWindowExA
EnumChildWindows

msvcrt

_initterm
malloc
_adjust_fdiv
_itoa
free
strrchr
atoi
rand
strchr
strcmp
strcpy
strstr
fopen
fwrite
fclose
fread
time
??2@YAPAXI@Z
memset
memcpy
??3@YAXPAX@Z
_strlwr
srand

kernel32

EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetTickCount
GetModuleHandleA
InitializeCriticalSection
DeleteFileA
CopyFileA
CreateThread
GetTempPathA
lstrcpyA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
VirtualAllocEx
GlobalAlloc
GlobalLock
CreateRemoteThread
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
Sleep
lstrcmpA
lstrlenA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ