963507ab0157bfcfb8be0c4a736eb624 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

963507ab0157bfcfb8be0c4a736eb624
Size

165KB
MD5

963507ab0157bfcfb8be0c4a736eb624
SHA1

49d31789a576506c9c4a41aa2b9961e730cc03e3
SHA256

51201f590a798917ee6575438458a31849d6401403f56e6fbf5873579a88dd92
SHA512

6f251fa745184ece60d78b742ea77998c355c57520a0b22f1db173f20e7faaec3e379c1769f5d8d59ba6cfa5f81b87c38051ffa15d4a4b8afd3e5216edf20e88
SSDEEP

3072:+2v74a63gOtfJLD7i3kio3MPjhB+5Zpjwc5DAPMm3:Dx63ddWo3mVBCZpUc+Pz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
963507ab0157bfcfb8be0c4a736eb624

Files

963507ab0157bfcfb8be0c4a736eb624
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

c55d58516ab8b94df1945dd02ca3b318

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

Sections

CODE
Size: 157KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE