969ed0d2835c815296ff6d2d4e4bf443 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

969ed0d2835c815296ff6d2d4e4bf443
Size

241KB
MD5

969ed0d2835c815296ff6d2d4e4bf443
SHA1

833fc9c6b49575c0ed14ff9755a3f9882c8f11b4
SHA256

dc6efeb27505403ed4935d8805fd0afafdfb9930ad4510b92efb6a05e778d544
SHA512

e16b7ee03ec0af708681834788a15d3333e61f14ee0bedebe258f1e91ab6924fbba816e35ebb892272a6f4d243ce3f381046854b14722d4758027c8e53167ba1
SSDEEP

6144:5aX8cOQHmxVDprCwBrfazfsRj8LZsxbzSNmbofyL11s:wX8jQGxjLwkRj8FsxbzSNqo6LY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
969ed0d2835c815296ff6d2d4e4bf443

Files

969ed0d2835c815296ff6d2d4e4bf443
.exe windows:4 windows x86 arch:x86

f20b7a9479e3f47e5d11e9b726da8c21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
VirtualAlloc
IsDBCSLeadByte
TlsSetValue
TlsGetValue
lstrcatA
GetCurrentThread
GetUserDefaultLangID
lstrcmpA
GetModuleHandleW
GetCurrentProcessId
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
GetCommandLineA
GetSystemDefaultLCID
GetACP
GetCurrentProcess
TlsFree
TlsAlloc
GetDriveTypeW

user32

UpdateWindow
GetDC
GetFocus
GetActiveWindow
ShowWindow
GetWindowTextLengthA
CreateWindowExA
GetClassLongA
GetWindow
IsIconic
RegisterClassA
GetWindowDC
GetForegroundWindow
BeginPaint
GetSystemMetrics
IsWindowVisible
ReleaseDC
GetWindowLongA
GetWindowTextA

shell32

StrRChrIA
StrChrIA
StrRChrA
StrCmpNA
StrCmpNIA
StrChrA

msctf

TF_GetThreadFlags
DllRegisterServer
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ