8649bd69f64aa6e96ff29bed2fc323eb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8649bd69f64aa6e96ff29bed2fc323eb
Size

166KB
MD5

8649bd69f64aa6e96ff29bed2fc323eb
SHA1

471682498daee5793a3050d16592d341eac50a15
SHA256

87d093c25222d8545cd17f4fe80fcd2bd9d919c8bbc263496f7046b5ddde8ec2
SHA512

9d5bd5e44034d2b84ff6826b6c0fd45cb45d04694753ef6d0fe98217586d0f1e720ba7779a1c2fc4260748a85ddebc8f20efaf3539efc5ca624e88e9d6e4218d
SSDEEP

3072:di2V6K1mBc/PfWMEIuMNp6hLn2L1qFAPe+wfXCPjZSMK+xzQIZSVi:R6K1mu/POMEHMN/UAPcfXojZJzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8649bd69f64aa6e96ff29bed2fc323eb

Files

8649bd69f64aa6e96ff29bed2fc323eb
.exe windows:4 windows x86 arch:x86

278786a929a7b632a34fed045d8300c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strlen
wcscspn
sqrt
strncmp
sin

comdlg32

FindTextA

shell32

SHGetDiskFreeSpaceA
SHGetFileInfoA
DragQueryFileA
Shell_NotifyIconA
SHGetDesktopFolder

advapi32

RegOpenKeyExA
GetUserNameA
RegQueryValueA
RegDeleteKeyA

kernel32

GetProcAddress
GetModuleHandleA
GetCurrentThread
SetHandleCount
ExitThread
ExitProcess
GetCommandLineW
GetModuleHandleW
GetCommandLineA
IsBadReadPtr
VirtualAlloc
GetDiskFreeSpaceA
lstrcmpiA
GetOEMCP
LoadLibraryExA
GetTickCount
GetACP
GetThreadLocale
CreateFileA

oleaut32

RegisterTypeLib
SafeArrayGetElement

Sections

CODE
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ