7af2de5dc9b1263b1079ca36ddf6b04a | Triage

Sharing

General

Target

7af2de5dc9b1263b1079ca36ddf6b04a
Size

67KB
MD5

7af2de5dc9b1263b1079ca36ddf6b04a
SHA1

d2b1b3f9fa5f418881fbaa471db3833c45835929
SHA256

6695c2627fa3e998e11f7f973bbf0f10e2325e9bb2b613ee9842588d6f2bce3c
SHA512

b09b5649f48c0488b2fe2a43a967a6e6de5837cb1f80c0bb0f9477ffd5b60b29a680d372552c0ac0f7bafe646297bccade21d898759d2c0989741f007b1323d0
SSDEEP

1536:mzGle7EOcpNW5hrSGmYCNzrYeSGBcop5vMa2VqmKUArAT7:mzG87EOntSrYCNzChMKa6aDAT7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7af2de5dc9b1263b1079ca36ddf6b04a

Files

7af2de5dc9b1263b1079ca36ddf6b04a
.exe windows:4 windows x86 arch:x86

7476c833185b585353fa12c3904cda57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DrawIcon
GetMessageA
GetDlgItem
GetDlgItemTextA
CharLowerBuffA
MsgWaitForMultipleObjects
GetIconInfo
GetKeyboardState
PeekMessageA
SetThreadDesktop
OpenWindowStationA
CloseDesktop
EndDialog
GetClassNameA
CloseWindowStation
FindWindowExA
SetProcessWindowStation
ToUnicode
OpenDesktopA
GetForegroundWindow

advapi32

CryptHashData
CryptGetHashParam
RegQueryValueExA
CryptReleaseContext
RegSetValueExA
CryptAcquireContextW
RegEnumKeyExA
DuplicateTokenEx
RegCreateKeyExA
CryptCreateHash
GetUserNameW

kernel32

VirtualAlloc
CreateThread
VirtualProtect
GetModuleHandleA
WideCharToMultiByte
LeaveCriticalSection
FindNextFileW
lstrcatA
GetModuleFileNameW
lstrcatW
GetLocalTime
CreateEventW
GetTickCount
GetModuleFileNameA
lstrcmpiA
SystemTimeToFileTime

shlwapi

wvnsprintfW
wnsprintfW
PathRemoveFileSpecW
wvnsprintfA
StrCmpNIW
PathCombineW
PathFindFileNameW
StrStrW
PathFileExistsW
StrCmpNIA
SHDeleteKeyA

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE