7ac22984344c54f2c0daa75e32c2f997 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7ac22984344c54f2c0daa75e32c2f997
Size

168KB
MD5

7ac22984344c54f2c0daa75e32c2f997
SHA1

0cbf0a8fc0835dfd83228df37e1d38bb13880fb0
SHA256

e966c9a02958178c6c8ca98df898ad8289ecbe589f1b42a1b91d1ff9163f2e84
SHA512

5011a4e1f99d7c8b84478da06008075af84d89539e3d7c5a5c61312b798794e41dea31b9f5473db23b4e07af76c843af3779b8b9a6cba2d1651f821e6407b622
SSDEEP

3072:b4SC4AACV22hcnnMjPlyQ5Mq24L+6SVWsTdzGClmSQo5dLk7062YLVCymH:b4ZDACVDKnn8lyQ5v24LefdNi61kdCyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ac22984344c54f2c0daa75e32c2f997

Files

7ac22984344c54f2c0daa75e32c2f997
.exe windows:4 windows x86 arch:x86

e4ea5b1eac4a437528e6479d4a65e950

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessW
CloseHandle
DeleteFileW
GetCurrentThreadId
GetTickCount
GetLastError
CreateDirectoryW
CopyFileW
ResetEvent
VirtualFree
VirtualProtect
VirtualAlloc
GetCurrentProcessId
WriteConsoleA
HeapFree
GetTempPathW
HeapAlloc
GetProcessHeap
GetModuleHandleW
GetStartupInfoW

shlwapi

SHRegCreateUSKeyW
SHRegWriteUSValueW
StrCmpW
SHDeleteKeyW
PathAppendW
SHRegCloseUSKey
PathQuoteSpacesW

ole32

CoInitialize
StgCreateDocfile
CoSuspendClassObjects
CoUninitialize
OleSetContainedObject
OleCreate

msvcrt

fseek
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_onexit
__dllonexit
_controlfp
_except_handler3
_wcmdln
time
strncmp
memmove
strchr
atoi
wcslen
exit
fclose
fwrite
fputs
_XcptFilter
fopen
free
realloc
malloc
localtime
_ftol
_exit
__set_app_type

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ