7bb34e33a5a0e0e0527e4761e4803b37 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bb34e33a5a0e0e0527e4761e4803b37
Size

61KB
MD5

7bb34e33a5a0e0e0527e4761e4803b37
SHA1

06d627889d54bad187e76e86f18d868e0eea4eee
SHA256

645e63210ab890b8ee1cc25fd3ce87a2c78ac05868960b88c5d692d76a5661dd
SHA512

2f260d6b0ac076c0694064b703fdbd4ddb95e61986aec096a5c82f8534c9b61cbcbfdbd6633110b6c8eeb4de5cfa17dd2b7a3b6b326a3a7242de4304c521d0b9
SSDEEP

1536:bE403qxSIt39Jx/C0fHijMHmh0lPPj7Rx9:YZ3qxSWLxDHIMHmqlX1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7bb34e33a5a0e0e0527e4761e4803b37

Files

7bb34e33a5a0e0e0527e4761e4803b37
.exe windows:4 windows x86 arch:x86

5a128e7c31ce301ddb73b5633a913600

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
HeapAlloc
VirtualAlloc
GetLastError
CreateEventW
VirtualProtect
lstrcatW
ResetEvent
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
lstrcmpiA
SetFilePointer
InitializeCriticalSection
GetFileSize
SetEvent
WideCharToMultiByte
GlobalUnlock
CreateFileA
GetCommandLineA
CreateThread
lstrlenA
GetSystemTime
lstrcpyW

advapi32

CryptReleaseContext
CryptGetHashParam
DuplicateTokenEx
RegQueryValueExA
CryptDestroyHash
RegDeleteValueA
RegCloseKey
GetUserNameW
CryptCreateHash
CryptHashData
RegSetValueExA
CryptAcquireContextW

shlwapi

PathFileExistsW
wnsprintfW
SHDeleteKeyA
PathRemoveFileSpecW
wvnsprintfW
PathMatchSpecW
StrCmpNIA
PathFindFileNameW
StrStrW

user32

FindWindowExA
CloseDesktop
GetDlgItemTextA
GetWindowThreadProcessId
CharLowerBuffA
GetDlgItem
GetIconInfo
SetThreadDesktop
OpenWindowStationA
GetMessageA
PeekMessageA
ExitWindowsEx
SetProcessWindowStation

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE