Static task
static1
Behavioral task
behavioral1
Sample
970a5bdd95da5bdd931c1091b52ab2f2.exe
Resource
win7-20231215-en
General
Target: 970a5bdd95da5bdd931c1091b52ab2f2
Size: 200KB
MD5: 970a5bdd95da5bdd931c1091b52ab2f2
SHA1: 50e2f092ea8aa91081e957a7a5d42ce9b6188e94
SHA256: 53bb4876b80878651d17917b50bb58c9dff28701be32c9e4b1a059f88c1c467d
SHA512: 3f0001f488335e0769f94cf16b5359adba0caa6d663e977a9dd6fb780b03740ea951110886611e2431e2ca1885616f7b42b1619b68c4774034621b99e039ef47
SSDEEP: 3072:YwA7XbF7rEJtc89a01gFFyJ8Minkxt4feEQoJqgttakNjcLltW1TjvWyKUA6:FA7LF8HvV1+yJzwdQo9ttrSsjvWyKb6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 970a5bdd95da5bdd931c1091b52ab2f2
Files
970a5bdd95da5bdd931c1091b52ab2f2.exe windows:4 windows x86 arch:x86
75bab2af2dc55bd48d4a52126279cb9d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsSetValue
LCMapStringA
HeapReAlloc
WriteConsoleW
GetStringTypeA
GetLocaleInfoA
EnumSystemLanguageGroupsW
GetStringTypeW
GetTimeZoneInformation
OutputDebugStringW
DebugBreak
LCMapStringW
CompareFileTime
IsValidCodePage
OutputDebugStringA
GetCPInfo
oleacc
CreateStdAccessibleObject
CreateStdAccessibleProxyA
winmm
sndPlaySoundA
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
advapi32
InitializeSecurityDescriptor
QueryServiceStatus
GetSecurityDescriptorLength
LookupAccountSidA
PrivilegeCheck
GetUserNameA
AddAce
IsValidSecurityDescriptor
DuplicateTokenEx
SetSecurityDescriptorOwner
RegOpenKeyExW
shlwapi
PathAddBackslashW
Sections
.text Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ