Static task
static1
Behavioral task
behavioral1
Sample
9a666025866105b65cc196b4e0bf3ee7.exe
Resource
win7-20231215-en
General
Target
9a666025866105b65cc196b4e0bf3ee7
Size
200KB
MD5
9a666025866105b65cc196b4e0bf3ee7
SHA1
a64cfaefd7e8b8ae312a80bf7c403ebd00be7334
SHA256
7aba204304f9cefbdd41c0bb1c207011b4889a7b4a3890ee673be2760f5b87e8
SHA512
efc2716bfd4916e300f7530d9e09eed80bf8278dc2e9ddf801f430fbd514c5b03f0f203d8513c690b859d599b0d25138316a95c581dac6888fc7e53b727f621d
SSDEEP
6144:1OY5Bj3VHC+mhRicqp2qyjlWYaLWt0buNRxga:1b553V5ZziMWtzL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9a666025866105b65cc196b4e0bf3ee7
Files
9a666025866105b65cc196b4e0bf3ee7.exe windows:4 windows x86 arch:x86
160ea413b54e41fce9e191f02fe2d609
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
ResetEvent
FlushFileBuffers
LoadLibraryA
DeleteTimerQueue
HeapUnlock
LocalLock
VirtualLock
GetCommandLineA
VirtualFree
VirtualProtect
VirtualAllocEx
GetLastError
user32
PostMessageA
IsWindowUnicode
ShowWindow
IsWindowVisible
LoadCursorA
IsZoomed
GetDC
GetCursorPos
SetTimer
ReleaseDC
GetDesktopWindow
gdi32
GetBitmapBits
CreateSolidBrush
GetPixel
shell32
ShellAboutA
psapi
GetModuleBaseNameA
EnumProcessModules
msvfw32
DrawDibClose
DrawDibProfileDisplay
DrawDibOpen
DrawDibEnd
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ