9a59c136c0d2ec97a0c1f83fa6763c48 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9a59c136c0d2ec97a0c1f83fa6763c48
Size

312KB
MD5

9a59c136c0d2ec97a0c1f83fa6763c48
SHA1

90148e3e5ba71057ae45989a280165c9eb834b69
SHA256

04158a6809f5ca5e526fe8759c14a12565b239a0f7274d40992037ff0cdf1aa9
SHA512

aa0d2ea47ea22fd5c6a35c147622e57a40fda1649003313ef7c1e69c532c0a0168cf08bc56c6c57c039f65256577315ec4ddbc678386c929e9e18f3fbb381778
SSDEEP

6144:ArrTuETVyp+zFTan/bdV+6A5iP2naGmzvXYu5aRCaMMQG:ArWr+zUDvA5eYYvYiaPMY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a59c136c0d2ec97a0c1f83fa6763c48

Files

9a59c136c0d2ec97a0c1f83fa6763c48
.exe windows:4 windows x86 arch:x86

fe61a1c6efdd14f1528f2b96a743d33e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
GetSystemDirectoryA
FlushFileBuffers
GetLocaleInfoA
GetCommandLineA
GetACP
IsDebuggerPresent
GetCurrentProcessId
HeapCreate
GetCurrentProcess
LoadLibraryExA
GetCurrentThread
RaiseException
VirtualProtect
OpenMutexA
FindFirstFileExA
InterlockedExchange
ReadConsoleA
GetStdHandle
SetEvent
GlobalFree

user32

GetWindowTextA
GetWindow
FrameRect
EndPaint
DrawTextA
GetFocus
SetActiveWindow
SetForegroundWindow
wsprintfA
GetDlgItem
GetCursorPos
ValidateRgn
ReleaseDC
GetClassNameA
BeginPaint
IsIconic
GetParent
FillRect
ShowWindow

crypt32

CertDuplicateStore
CertControlStore
CertCloseStore
CertFindAttribute
CertCreateContext

apphelp

ApphelpCheckIME

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 692KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ