987e773fe2780b0ef5f09c8dab380467 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

987e773fe2780b0ef5f09c8dab380467
Size

22KB
MD5

987e773fe2780b0ef5f09c8dab380467
SHA1

5d6f17999cd86d111b62335d093a2188c3010e19
SHA256

7a0badc595164b09431aff2b9e4833da7eebabb964210877c9063463b150c50f
SHA512

571ca884feab2e32553a8d864934eae606e167c27fd28c8482d724b9a1bbdce91926cb013025336ae54f06f746033b55f3dcd0f5b3ffcdc80fbc8cee8884fff2
SSDEEP

384:zyuRHRpAFXU0u1+jvGm6cPXuyTYQtpRRWQfAx5yVre4T51f:TsFk0uUzGqPXuDZQvf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
987e773fe2780b0ef5f09c8dab380467

Files

987e773fe2780b0ef5f09c8dab380467
.exe windows:4 windows x86 arch:x86

6ab799547bab7313b8a7e2791c8cd499

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
AddAtomW
CreateMutexW
CreateProcessA
ExitProcess
GetCommModemStatus
GetStartupInfoA
GetSystemDefaultLCID
GetTapeStatus
InterlockedCompareExchange
ReadConsoleOutputW
SetHandleInformation
WinExec
_llseek
lstrcatW

advapi32

CryptDecrypt
CryptGenKey
CryptGetUserKey
GetNamedSecurityInfoA
GetTrusteeTypeA
LookupPrivilegeValueW
RegOpenKeyA
RegQueryMultipleValuesA
RegQueryValueA
RegSaveKeyA
SetEntriesInAclA
SetNamedSecurityInfoW
UnlockServiceDatabase

user32

AttachThreadInput
CreatePopupMenu
DdeKeepStringHandle
DdeNameService
DragObject
DrawTextW
GetClipboardViewer
SubtractRect

shell32

Control_FillCache_RunDLLA
DllInstall
ExtractAssociatedIconExW
FindExecutableA
SHEmptyRecycleBinW
SHGetFileInfoW
SHGetPathFromIDListA
SHLoadInProc
SheGetDirW
Shell_NotifyIconW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE