894bf0cea3681c593824f8d1112b752a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

894bf0cea3681c593824f8d1112b752a
Size

637KB
MD5

894bf0cea3681c593824f8d1112b752a
SHA1

9e7d8441fe3ed598594ad2464071ff18445ed3a3
SHA256

8d4adb65e0b22d96ab87f2aac97966d8396f257aa6bed6582653e3ec9927f92a
SHA512

42e5753275741d316952613ef9a666b2992381a4c914a457a2f65a724367172fe0e31f935597a1b3111e5df8472275ed67261fa08dddbd23b6841a0cde5b042c
SSDEEP

12288:X3R1+jSpEoRzUA4Usj5sWUznwnprl76IkNjfCJaqYYNwJAULO4ywEWYd0:XhEjSpEoRzU3UEgwnpR76IkEaMNwJAJY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
894bf0cea3681c593824f8d1112b752a

Files

894bf0cea3681c593824f8d1112b752a
.exe windows:4 windows x86 arch:x86

c949e8febc11f99d0d5b2456e5ad7c70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
LoadLibraryA
FindAtomA
GlobalUnlock
TlsGetValue
VirtualProtect
GetStdHandle
GetModuleHandleA
GetProfileIntA
HeapWalk
InterlockedExchange
WaitForSingleObject
GetConsoleCP
GetTickCount
lstrlenA
CompareFileTime
TlsFree
HeapReAlloc
GetVersion
CloseHandle
GetAtomNameA

user32

InsertMenuA
TranslateMessage
GetDlgItem
DialogBoxParamA
CopyRect
GetKeyboardLayout
DispatchMessageA
MessageBoxA
InflateRect
SubtractRect
GetWindowTextA
GetScrollRange
ModifyMenuA
SetPropA
GetMenuStringA
ShowWindow
UpdateWindow
PostQuitMessage
EqualRect
EnableScrollBar
CreateCaret
LoadIconA
GetMenu
PostMessageA
SetWindowPos
DestroyMenu
PaintDesktop

msi

MsiEnumClientsA
MsiDoActionA
MsiEnumProductsA
MsiCloseHandle
MsiGetMode

clbcatq

CoRegCleanup

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ