999551fe609a88cedf682b41d38c5649 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

999551fe609a88cedf682b41d38c5649
Size

46KB
MD5

999551fe609a88cedf682b41d38c5649
SHA1

4448b2f6e7e19beaed0c774b2819f4e5c6116325
SHA256

f60ba92c073950b71f48933cf0d30a53454dfaf1478485f2a7b1c83f09aa0ade
SHA512

9784e9dffdb6dcf7c13bac83850802698abc3d213c81c514c816ca7c1760ecce32471289bfe6991b891af08d330217b6e8a41e0a6ebf9333c00cfd93a78ee2e2
SSDEEP

768:sQnkS+TzrHqBls41ZD6r1Cv0/Yr+KPEWHveLlw4DFCVjBgY:7kpTKP7w1rG5WRLFsgY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
999551fe609a88cedf682b41d38c5649

Files

999551fe609a88cedf682b41d38c5649
.exe windows:5 windows x86 arch:x86

af7180a47ea9a6207e63ebbc8ed8e645

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegDeleteValueA
CryptGetHashParam
RegCloseKey
CryptReleaseContext
CryptCreateHash
DuplicateTokenEx

shlwapi

PathCombineW
wvnsprintfW
SHDeleteKeyA
PathMatchSpecW
wvnsprintfA
PathFileExistsW
PathRemoveFileSpecW
wnsprintfW
StrCmpNIW
PathFindFileNameW
wnsprintfA
StrStrW
StrCmpNIA

Sections

.hij
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ifon
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qfkb
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ