786d63a88d2b7e3fb116767b06845c89 | Triage

Sharing

General

Target

786d63a88d2b7e3fb116767b06845c89
Size

164KB
MD5

786d63a88d2b7e3fb116767b06845c89
SHA1

3ca8758001676e210c54fb1b53a4451cdd49f906
SHA256

57f6f5f75ccd60fdf9522b44b1a965d3743dc09e8f2834225069314f9ff5624d
SHA512

d80f62a86fd2d28b814ca2b3d679ce2bf09660f2579420b940b11a3f96179d54f64eb412b5fa451dbb54c85b06d094c03abdda6e15d93bcd01ae05218fa41071
SSDEEP

3072:7LM0iUy2WAUcvL5n6eu3DuXTcsi44ZfWOK78KU:7o0lWm6eu3aIsi44pWpzU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
786d63a88d2b7e3fb116767b06845c89

Files

786d63a88d2b7e3fb116767b06845c89
.exe windows:4 windows x86 arch:x86

b8a895ce6e27fbd6fbc727400b3c437f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

rpcrt4

UuidCreate

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

user32

DestroyWindow
EnumChildWindows
CreateWindowExW
GetDlgItem
IsWindow
SendMessageA
GetWindowThreadProcessId

kernel32

VirtualFree
VirtualAlloc
LeaveCriticalSection
GetCalendarInfoW
SetEndOfFile
ReadFile
HeapCreate
EnterCriticalSection
GetStartupInfoA
HeapSize
EnumResourceNamesA
InitializeCriticalSection
DeleteCriticalSection
HeapReAlloc
FreeEnvironmentStringsA
RtlUnwind
GetOEMCP
RaiseException
GetCPInfo
IsValidCodePage
GetACP
HeapDestroy
SetFilePointer
ExitProcess
SetEnvironmentVariableA

shell32

SHGetFolderPathW

ole32

CoGetMalloc
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoTaskMemFree
CoQueryProxyBlanket
CoSetProxyBlanket
CoInitializeEx
StringFromGUID2

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ