ac78ef5cb807713423f46f0206e95572 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ac78ef5cb807713423f46f0206e95572
Size

274KB
MD5

ac78ef5cb807713423f46f0206e95572
SHA1

95b4e17ad8f597e75dc057d3c08e91664bdbfabb
SHA256

f13f61de910d5944982df58a45730e0412e796e5e902265dcf5c4ad61b5af886
SHA512

8d4f584a02490040bdf5a7a82ac49f42be6c08bca05bc3b4fd77e88f6ceecabf3c0d1b8a2b4c6782c82cb296c30264c58575e72cfcba1d45ec7e8fa25ef9c854
SSDEEP

6144:JzqJXELi1zMzX1EQEVYj0vdiwDizTX4lzE7tSoGWXGoCk7O:OXELi+eXVYjnCEX4dE7O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac78ef5cb807713423f46f0206e95572

Files

ac78ef5cb807713423f46f0206e95572
.exe windows:4 windows x86 arch:x86

20d4b80f13b32464155c1ecbe2c71b73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
LoadLibraryA
HeapReAlloc
GetStdHandle
GetModuleHandleA
CloseHandle
GetTickCount
FindAtomA
VirtualProtect
WaitForSingleObject
GetProfileIntA
TlsGetValue
CompareFileTime
GetConsoleCP
TlsFree
HeapWalk
GetAtomNameA
GlobalUnlock
lstrlenA
GetACP
InterlockedExchange

user32

EnableScrollBar
LoadIconA
UpdateWindow
GetDlgItem
CreateCaret
DispatchMessageA
GetWindowTextA
PostMessageA
InflateRect
EqualRect
SetWindowPos
GetKeyboardLayout
InsertMenuA
MessageBoxA
PaintDesktop
CopyRect
ModifyMenuA
SetPropA
GetMenu
ShowWindow
TranslateMessage
SubtractRect
DialogBoxParamA
DestroyMenu
GetMenuStringA

msi

MsiDoActionA
MsiGetMode
MsiCloseHandle
MsiEnumClientsA
MsiEnumProductsA

ws2_32

WSAAccept

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ