a1843d1272de0b4fdc6364008198b700 | Triage

Sharing

General

Target

a1843d1272de0b4fdc6364008198b700
Size

275KB
MD5

a1843d1272de0b4fdc6364008198b700
SHA1

8e8e02760f0fa4b79f82b50bd2eadbf8820464fc
SHA256

94bed3233d3e1d3f3e21c14e494c93a875b2025adbfc5a322033c09666ba9175
SHA512

d9168f08c9905ee8fe1ea3cdc7a035646305c476d5a3cdcb2aaef5593239d4c6929e66791057f6cde9bf6f1c19ee368105ec0463ab8829dab880c1c276e9e302
SSDEEP

6144:jgw9j3hpwZchmINGeM6UV1PqjsVJc/2dkTwCKuFM/s:0wNXtmINldeUOEwkTwFuFI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1843d1272de0b4fdc6364008198b700

Files

a1843d1272de0b4fdc6364008198b700
.exe windows:4 windows x86 arch:x86

c7e4db2021fa234ca18a5fae56564fd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

user32

GetWindowThreadProcessId
EnumWindows
PeekMessageA
LoadStringA
KillTimer
wsprintfW
MessageBoxA
DispatchMessageA
SetTimer
CharNextA
GetMessageA
CharUpperA
GetWindowTextA
IsWindowVisible
PostThreadMessageA
wsprintfA

kernel32

EnumResourceLanguagesW
FindFirstFileW
HeapFree
LoadResource
GlobalAddAtomW
GetCurrentDirectoryW
LockResource
SizeofResource
GetLastError
FindFirstFileA
GetProcAddress
SetLastError
InterlockedExchange
EnumResourceNamesA
GlobalFree
FormatMessageW
EnumResourceNamesW
GetModuleHandleW
LoadLibraryA
MultiByteToWideChar
FindResourceExW
EnumResourceTypesW
GetDateFormatW
FindNextFileA
LocalFree
RaiseException
HeapAlloc
CloseHandle
GetCommandLineW
GetProcessHeap
Sleep

Sections

.text
Size: 141KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ