873c8eb2f5bb22e0ddf4bb33b8507ea2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

873c8eb2f5bb22e0ddf4bb33b8507ea2
Size

241KB
MD5

873c8eb2f5bb22e0ddf4bb33b8507ea2
SHA1

5732ad96023e71829b147e1595dc8799e271f76c
SHA256

8aec0ac4477f0d4202b09015933df9a0fb7af1ef99e96e43cb245189cb8f02e9
SHA512

2d69d767a89a4a29b5820d6c3ee1a2ce82fdcd67fb077d222191d6a8df56610628dcf3f6d7a7e95e1282aa3b0d3204eb14dc9ca91acc9750146618c9774af6d6
SSDEEP

6144:Wzb3EQcGM4Iib3XFaZqivLK/PsxBFX6BRohAWsqd7euJ3:WzbUJGMbaatvLCU3FX0JISC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873c8eb2f5bb22e0ddf4bb33b8507ea2

Files

873c8eb2f5bb22e0ddf4bb33b8507ea2
.exe windows:4 windows x86 arch:x86

ee0c28d19def9ef5dd3cddb373c0f083

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cfgmgr32

CMP_Init_Detection

shlwapi

PathFileExistsW
PathRemoveFileSpecA
PathAddBackslashW
PathFileExistsA
PathRemoveFileSpecW
PathIsDirectoryW

user32

SendMessageA
EnumDesktopWindows
PeekMessageA
GetDesktopWindow
PostMessageA
EnableWindow
FindWindowW

kernel32

GetProcessHeap
GetTempPathW
GetFileSize
GetPriorityClass
ExitProcess
GetCommandLineA
GetModuleHandleA
ResetEvent
SetEvent
SetCurrentDirectoryA

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.strings
Size: 5KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ