98a7ab304fce1fcfff05091c8aca7941 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98a7ab304fce1fcfff05091c8aca7941
Size

172KB
MD5

98a7ab304fce1fcfff05091c8aca7941
SHA1

61caff4748f74ce2df88a229f8c621795aff3a81
SHA256

ef137da2d563d0f85206251e5c731430e7f6639c3f626db2ca800bd8d5037469
SHA512

36dc24d9690ead7c4af419d8f077141fec783f76537fa6d4946acaf6a5914c0c860de91ffc93db6da6271d61e268c9cb98f81ffa6a77b8cd34ff2ff8a8afbdf8
SSDEEP

3072:PeEHFINd8Plw6ziTRWKgTXaC1XIAfOObVlh/AFRpxVljRyUqBz1P+gbfk:PDI2w6z40VXasIAWoh/4v1UvvPVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
98a7ab304fce1fcfff05091c8aca7941

Files

98a7ab304fce1fcfff05091c8aca7941
.exe windows:4 windows x86 arch:x86

36373db3969796592ebd97f598f9b722

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

shell32

Shell_NotifyIconA

kernel32

LeaveCriticalSection
AddAtomW
IsBadReadPtr
GetStringTypeA
InterlockedIncrement
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
SetStdHandle
FlushFileBuffers
GetLastError
GetStringTypeW
EnterCriticalSection
EnumResourceNamesA
GetSystemTimeAsFileTime
RaiseException
LoadLibraryExA
SetFilePointer
GetCurrentProcessId
IsBadCodePtr
CloseHandle
RegisterWaitForSingleObject
HeapAlloc
LCMapStringW
GetModuleHandleA
GetCurrentProcess
FlushInstructionCache
LCMapStringA
InterlockedDecrement
SizeofResource

gdiplus

GdipCreateHBITMAPFromBitmap
GdipCloneImage

gdi32

CreateFontIndirectA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ