addb10ce17893d77ab7b166bc4b5a4de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

addb10ce17893d77ab7b166bc4b5a4de
Size

156KB
MD5

addb10ce17893d77ab7b166bc4b5a4de
SHA1

11606952a9b86a9756adfd1c64c0bf3a3a5dac7d
SHA256

c4dbf2cab1307862310657f66e5932c5cb7bac5f0671f42b8e2daa0521eb8bf1
SHA512

8c11999f6c1c937c0cded0fdede91d3f5682161f41942e3c737cd780deb9292f4de4397d458cb7f9fad09325c97e9c6e1cdfe094933bd764f6c22f5b196d0bc8
SSDEEP

3072:D8SF93M8qc3MC+wu+jN71UsJ4wtp5S0mh5c0r6NwizTiOKbElMA/:Dz30c8C+ct+sDA6NXbX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
addb10ce17893d77ab7b166bc4b5a4de

Files

addb10ce17893d77ab7b166bc4b5a4de
.exe windows:4 windows x86 arch:x86

e81be61b9ee4163816f1b4faf6f4db67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessIoCounters
GetModuleHandleA
GetProcessWorkingSetSize
GetThreadSelectorEntry
ReadProcessMemory
VirtualAlloc
SetThreadAffinityMask
CreateMutexW
ExpandEnvironmentStringsA
PulseEvent
MoveFileA

user32

SetSysColors
OpenWindowStationW
MessageBoxExA
EnumWindowStationsW
MessageBoxExW
IsIconic
GetUpdateRgn

gdi32

GetBkColor
UpdateICMRegKeyA
GetStockObject
ScaleWindowExtEx
CreateEnhMetaFileW
SelectObject

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 794B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE