8c0731241b3453909b8b7125cb779304 | Triage

Sharing

General

Target

8c0731241b3453909b8b7125cb779304
Size

59KB
MD5

8c0731241b3453909b8b7125cb779304
SHA1

e9e0283ce4de51efb88e23e785eac57daee9cea4
SHA256

a745ecb66893845f6694bd11aab117e36ce4ce7dab1496a00c64e4eb940255ef
SHA512

020b56fdceebf1c2ee1f2ea7d346234f096ca562f08e03108f9390bcf79504658fd4107dfaed589cfc76e91caca6a822faafb46c2195d05706ac8332aff5cb73
SSDEEP

1536:1DWQ3FRgPOMiAmijoMWIcv2V0928qSJkwW2xjgPMah:1jFyPOMmDMM2WM8xW2xYh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c0731241b3453909b8b7125cb779304

Files

8c0731241b3453909b8b7125cb779304
.exe windows:4 windows x86 arch:x86

db96f5ea31b3fbb20a8f89dac57be623

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualProtect
CreateProcessW
GetModuleHandleA
GetFileAttributesW
GetVersionExW
lstrcmpiA
GetModuleFileNameA
ResetEvent
Sleep
EnterCriticalSection
FindFirstFileW
LeaveCriticalSection
lstrcatW
lstrlenW
GetTickCount
FindNextFileW

advapi32

RegSetValueExA
GetUserNameW
CryptCreateHash
CryptDestroyHash
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
CryptAcquireContextW
CryptHashData
RegCreateKeyExA
DuplicateTokenEx

user32

DrawIcon
GetClassNameA
GetDlgItemTextA
SetProcessWindowStation
CharLowerBuffA
DispatchMessageA
GetCursorPos
ToUnicode
ExitWindowsEx
PeekMessageA
FindWindowExA
SetThreadDesktop
GetKeyState
EndDialog
CloseWindowStation
SendMessageA
GetWindowLongA
GetKeyboardState

shlwapi

SHDeleteKeyA
StrCmpNIA
wvnsprintfA
PathMatchSpecW
wnsprintfA
PathFindFileNameW
PathCombineW
wvnsprintfW

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE