76fb79493c942d07716be8be7254041b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

76fb79493c942d07716be8be7254041b
Size

1.7MB
MD5

76fb79493c942d07716be8be7254041b
SHA1

ee10e341254f121c2118b3120d681c780fbabf02
SHA256

e3e68d412fb335778af8b7ab7e4b8cfaecafa264f00aef2a7c7bd7e9ffe92dbb
SHA512

739798fb7e907229205228b8d3559401d70a1ac749613ca5c3596eb5c41151b8f9937c8e5d66bf1e3cfb34be523260009e89be6d8661e039aa9159749c752523
SSDEEP

12288:23N9vQwJGYWKgnC9AitlhmKQyCtttVDBrQcXEOKy:2dhIjC9AiHUKQhDtVDKg0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76fb79493c942d07716be8be7254041b

Files

76fb79493c942d07716be8be7254041b
.exe windows:4 windows x86 arch:x86

a9e4b0e9dc5977d63dd114671c769094

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetVolumeInformationA
GetWindowsDirectoryA
LocalAlloc
ExitProcess
ReadFile
CreateFileA
Sleep
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CloseHandle
LocalFree
SetFilePointer

advapi32

RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PROGRUP
Size: 395B - Virtual size: 395B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE