a157b3f3428ae2d00398bdfbee0c7b72 | Triage

Sharing

General

Target

a157b3f3428ae2d00398bdfbee0c7b72
Size

77KB
MD5

a157b3f3428ae2d00398bdfbee0c7b72
SHA1

2064b2c73a07719c44538afb303de8438a9f8e3f
SHA256

14524ab2ede761f6f2bf73cd2104b930e244852ff4679e9fb5860ea860881ec7
SHA512

2cc50abf165e54470f20717a692388b32f5a7a5c4330f524f4f9fafd5dcac6d81950f066a7e99f3f219deeb01e33dcb982156813fae4ee911ec2914fba08b15d
SSDEEP

1536:LnWm0J40+we128F/vNPOsu8pOjHGXp/3SSoJ1Yu6o3S0HODncVxj3PG8R:LnN0h+wt8NNOsF4jm5aSojSyODnc7fGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a157b3f3428ae2d00398bdfbee0c7b72

Files

a157b3f3428ae2d00398bdfbee0c7b72
.exe windows:4 windows x86 arch:x86

31a29c11c09426dbc1c1bf2cd6557c1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcmp
strstr
memcpy

user32

GetActiveWindow
DrawIcon
DestroyCaret
FillRect
GetMonitorInfoW
GetShellWindow

advapi32

ReadEventLogW
RegFlushKey
DecryptFileW
ReportEventW
OpenThreadToken

wininet

FreeUrlCacheSpaceA
GopherFindFirstFileA
GopherOpenFileW
FtpGetFileW
HttpQueryInfoA

Sections

.text
Size: 48KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE