b508bf0bcbc0f677e8b76bbc4e202e6e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b508bf0bcbc0f677e8b76bbc4e202e6e
Size

254KB
MD5

b508bf0bcbc0f677e8b76bbc4e202e6e
SHA1

4cb526a4642cc0fb6df522bf6de2d4651b87acb4
SHA256

1bc32aea8c7864bd86554bc1ff15551910f388db54a0f29ab2fc29b79d3157d4
SHA512

d46c8f25536dc2025d171088308cf6f04a19ebb3901da53774240b73d77e857723a4e738e990f0c1c9dc423dff73e037460e3260a6369cc25dae1c5eeba6b655
SSDEEP

6144:h2xPkxXy+CUPTzvpffwKzAnYl7+HXsIt+MwvLVtoIrtezUMk5Gtv7D:kp+7PTz5w0nT/hKk5eD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b508bf0bcbc0f677e8b76bbc4e202e6e

Files

b508bf0bcbc0f677e8b76bbc4e202e6e
.exe windows:4 windows x86 arch:x86

26a2c14439839dfb9304fdf1c02157f9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetWaitableTimer
CloseHandle

ntdll

RtlComputeImportTableHash
ZwTerminateJobObject

user32

RegisterClassA
SetWindowsHookExA
WindowFromDC
PostThreadMessageA

ole32

CLSIDFromString

advapi32

LsaOpenAccount
CryptSetProvParam

gdi32

CreateDiscardableBitmap
EnumObjects
GetMetaRgn
SetTextAlign
GetStretchBltMode
RealizePalette
SelectClipPath
SetBkColor
UnrealizeObject
StrokeAndFillPath
GetPixel
SetMapperFlags

netapi32

NetWkstaTransportEnum

msv1_0

MsvSamValidate

Exports

Exports

R0wAtlc
V1108eHE6Q8G3
Z8P6Vy
c3GeqQSNQ4Zu1emSxW
fLqI8IpKS

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ