Static task: static1
Behavioral task: behavioral1
Sample: 97af8feb189cf608424ab16a0f73ed3b.exe
Resource: win7-20231215-en
General
Target: 97af8feb189cf608424ab16a0f73ed3b
Size: 182KB
MD5: 97af8feb189cf608424ab16a0f73ed3b
SHA1: 0a2006fdb14614ba94b5e26bba6a44dccfd2603c
SHA256: 42a5794faef90174fb12b8cb39225b39ca6e90b39685ba706ab6faf459f96585
SHA512: 6d14981544e69f188af295c93738a9018d363bd43be19da17d05de04a53d71749f0a3eca9a9e660f93f39b8da90e0651e127e109545abfba136d2a10a5b8bce3
SSDEEP: 3072:noYqLzmtzXxU4YlabbAKrogK1lf5pZ/o+DXd31mUvEv0wK3w9YpcKOpwwswY:nqLkB/YlcAKLKvZ/Dt31vvEvCHOO
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 97af8feb189cf608424ab16a0f73ed3b
Files
97af8feb189cf608424ab16a0f73ed3b.exe windows:4 windows x86 arch:x86
4eaa28f388a26436510d1e84035bb118
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: HeapReAlloc, HeapFree, IsBadWritePtr, GetCurrentProcessId, VirtualQuery, TlsAlloc, HeapCreate, QueryPerformanceCounter, VirtualAlloc, EnumSystemLanguageGroupsW, GetSystemTimeAsFileTime, SetLastError, HeapDestroy, GetWriteWatch, HeapAlloc, VirtualFree, TlsFree
oleacc: CreateStdAccessibleObject, AccessibleChildren
shell32: SHChangeNotify, SHGetMalloc, SHGetPathFromIDListW
user32: LoadStringA, SetWindowTextA, GetWindow, CreateWindowExA, LoadImageA, GetDlgItem, DestroyIcon, GetParent
winmm: mciSendCommandA
shlwapi: PathAddBackslashW
Sections
.text Size: 69KB - Virtual size: 69KB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 145KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 110KB - Virtual size: 109KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ