8fa98e0d407b262591be5ab4b2d54134 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8fa98e0d407b262591be5ab4b2d54134
Size

64KB
MD5

8fa98e0d407b262591be5ab4b2d54134
SHA1

32b2d00a3560ec14572ed23cb3b81f4e5cf00b14
SHA256

cf9f5a2906bc8bb1a93e7593f38d208516d8c95f037bddcb2177dc46e8a22d23
SHA512

c1bdd6c2bac6d228736b6aad7d488f6702a66e4f0667d6dde7b9b77e2999db5c100c4653b03164bb6bb103a2e6a828316bb6e749d76fe696a0bcb468946a9059
SSDEEP

1536:Vdxb0Mo3l5Oe1UYtPhtdJNRjUj3jwRHYsUWpywD:fxIMG5hJnJTUkYsUoyy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8fa98e0d407b262591be5ab4b2d54134

Files

8fa98e0d407b262591be5ab4b2d54134
.exe windows:4 windows x86 arch:x86

b7b181db91153e335842b008c42958c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextA
GetDlgItem
GetKeyState
CloseWindowStation
OpenDesktopA
GetMessageA
FindWindowExA
ToUnicode

shlwapi

wvnsprintfW
PathFindFileNameW
wnsprintfA
PathMatchSpecW
PathRemoveFileSpecW
wnsprintfW
wvnsprintfA
PathFileExistsW
StrCmpNIW
StrCmpNIA
PathCombineW
StrStrW
SHDeleteKeyA

kernel32

GetUserDefaultUILanguage
GetSystemTimeAsFileTime
VirtualAlloc
SetFileTime
lstrcatW
VirtualProtect
GetFileAttributesA
HeapReAlloc
GetFileTime
LeaveCriticalSection
GlobalLock
GetTimeZoneInformation
CreateMutexW
GetFileSizeEx
lstrcmpiA
SystemTimeToFileTime
ExpandEnvironmentStringsW
GetProcAddress
lstrcmpiW

advapi32

GetUserNameW
RegDeleteValueA
CryptReleaseContext
CryptHashData
RegCloseKey
RegQueryValueExA
CryptDestroyHash
CryptAcquireContextW
RegSetValueExA
CryptGetHashParam
RegEnumKeyExA
RegCreateKeyExA
CryptCreateHash

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE