96e49e485e70fbc0d0ffdddd796996fb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96e49e485e70fbc0d0ffdddd796996fb
Size

60KB
MD5

96e49e485e70fbc0d0ffdddd796996fb
SHA1

023669ba36c762d9a2eb2e4a0319768b0de113cf
SHA256

4febe665ff47f0fa1ad884c8cdf5e466669f9071086bb95ad0cc346b1820e4c2
SHA512

cd01aec0c1bee629e28bb3a72ceef94a86b00421ab97483cc3c9c903c90e972b85b7a3475145d9ac54b6cfb4a9ea67ee3c25a17ca0c36f4d87f4d436023fc889
SSDEEP

1536:BkIrBD9b4+WkZgXODAeXZ020slDq0rsBHJDAF4xI4Bc9Id:BHrBd4YP9y2E0WhmB42Id

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96e49e485e70fbc0d0ffdddd796996fb

Files

96e49e485e70fbc0d0ffdddd796996fb
.exe windows:4 windows x86 arch:x86

ddd124e0c03561b8808c61c9316635e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

shell32

ShellExecuteA

ole32

CoUninitialize

Sections

CODE
Size: 47KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE