b5de59fd301a0e9a8ed84089b7298a81 | Triage

Sharing

General

Target

b5de59fd301a0e9a8ed84089b7298a81
Size

191KB
MD5

b5de59fd301a0e9a8ed84089b7298a81
SHA1

7cb5fd046974ab335573cda767d210d180e91ade
SHA256

cc8f1fedc1d87b23e4b3347ac4822f1a8cbd46829b34f1f79e3fc11083ae649c
SHA512

244ca606c202abb530084af39e5205a4409cad2a8d9886f9c4a3048c781b143fd70fa43f3d4523f63414c53119876510d71d4c3a0735b4e8192007b77304b147
SSDEEP

3072:oCmxtwH/k10Ni33Htf4PNuecKSLJsO4bAby8YJ2+9wLEqlzdAsjLwEjPw8eXuZge:2nwHsDp4PNut4O4bAdYJnAEQXge

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5de59fd301a0e9a8ed84089b7298a81

Files

b5de59fd301a0e9a8ed84089b7298a81
.exe windows:4 windows x86 arch:x86

96b77e70d30ee7c17585c360f2e8cf17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
GetSystemDefaultLangID
GetAtomNameA
GetConsoleCP
HeapReAlloc
GetCommandLineA
GetStdHandle
lstrlenA
GlobalUnlock
GetVersion
WaitForMultipleObjects
GetModuleHandleA
WaitForSingleObject
VirtualProtect
CompareFileTime
LocalSize
SuspendThread
InterlockedExchange
CloseHandle
HeapCreate
GetTickCount

gdi32

CreatePalette
Ellipse
GetMetaRgn
Escape
CreateFontA
EngLineTo
AbortPath
EqualRgn
DeleteObject
GetFontData
BeginPath
GetTextColor
CreateICA
DeleteDC
EndPath
GetMetaFileA
FloodFill
GetRgnBox
GdiFlush
GetStringBitmapA

winmm

OpenDriver
CloseDriver
PlaySoundA
auxGetVolume
auxSetVolume

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ