a2790d7af72749ebf4712b0c628fa473 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2790d7af72749ebf4712b0c628fa473
Size

802KB
MD5

a2790d7af72749ebf4712b0c628fa473
SHA1

f5d2a8ae8fadcf99ced68636a990469a48967513
SHA256

53370668483d69309aacbef90efe9d05400e8393887a08c4fdeac2e023e817af
SHA512

0b11b45343174fbb785de79bb4fd3efe9bcecf4b423f5dc110ddcf01c72207a54c23225f4b8534e24c87bdbf308a5c074d3f4d47ad9959cb2c3ada14f71e196f
SSDEEP

24576:z9V5Nm7IO/G++GUz051cpsBPBshgCclOPs:hbNmf+BGE051cpsJbCcY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2790d7af72749ebf4712b0c628fa473

Files

a2790d7af72749ebf4712b0c628fa473
.exe windows:5 windows x86 arch:x86

457c8de905a4440ccbf650909aae4ffe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CreateFileW
HeapDestroy
GetFileAttributesA
GetVolumePathNameA
OpenMutexA
FindAtomW
SetFilePointer
CreateDirectoryA
GetModuleFileNameA
CreateFileW
GetProcessHeap
GetDriveTypeW
GetConsoleMode
GetModuleHandleA
OpenEventA
GlobalFlags
GetProcessVersion
GetCurrentThreadId
DeleteFileW
DeleteFileW
VirtualProtectEx
PulseEvent
LeaveCriticalSection
InterlockedExchange

user32

DispatchMessageA
GetWindowLongA
LoadCursorA
IsMenu
GetWindowTextA
GetWindowLongA
SetRect
wsprintfA
PeekMessageA
MessageBoxA
DestroyIcon
DestroyMenu
SetFocus

dot3msm

Dot3MsmDisconnect
DllMain
Dot3MsmFreeProfile
Dot3MsmDeInit

advapi32

IsValidAcl

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 793KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE