985271d068f270f6ec8e9821df1571d2 | Triage

Sharing

General

Target

985271d068f270f6ec8e9821df1571d2
Size

184KB
MD5

985271d068f270f6ec8e9821df1571d2
SHA1

5f0ebadcf2f2fc7673be0e9333f65e5ffd8e945b
SHA256

e33b95eb47af8f6a76a83aff0cf72c2750652d8f4977caddec246137dd8a7174
SHA512

b9dcb17ae3b8e1c631fc11351aa1a892b3eac86154130a7aa2121a7259de5c0f7f7dc47dc52a7b2227788489ff6d088e809e48f962817a21e06b116febdd8afa
SSDEEP

3072:MamoQRxnvwY+i0BmHVCnHQby6PSv++BzutGza5FeYIkDS0SOoOVaoF7t2wRsbzNm:MamoQvt+isCCwby6PIPUMAeYDoYPT2H4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
985271d068f270f6ec8e9821df1571d2

Files

985271d068f270f6ec8e9821df1571d2
.exe windows:4 windows x86 arch:x86

a35b478a95d9b143dd3b56f5f7281a6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQueryEx
ExitProcess
IsDebuggerPresent
RaiseException
GetACP
SetUnhandledExceptionFilter
MultiByteToWideChar
CreateProcessA
UnhandledExceptionFilter
lstrlenW
GetSystemTimeAsFileTime
EnumResourceNamesW
GetCurrentProcess
GetModuleHandleA
GetCPInfoExA
lstrlenA
LocalAlloc
GetEnvironmentVariableA
InterlockedExchange
GetLocaleInfoA
WideCharToMultiByte
GetThreadLocale

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueExA

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

StringFromIID
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ