b594831d3ff8dc598fe3c907d6478ea9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b594831d3ff8dc598fe3c907d6478ea9
Size

177KB
MD5

b594831d3ff8dc598fe3c907d6478ea9
SHA1

0f2e0bcb2c8244ecd7d61003a8eed40fa738ba21
SHA256

9bd3b3968956ca93251db1026fa58d24989f11179a2ad7cafa8c28771eee890d
SHA512

f5576dc5709d01cbc52573d61a61cd3337baf7b2f794a7744fedb26eea27bb7cd5250f614c83b73a12fa9ec3ae52f5e88c7efe679b7d3f13a4fc94c2042ad3a0
SSDEEP

3072:+XOnX0W29e2KgJz3oJOvAIYmtnfGp5lcr8Ndkg7rRMZ2v0caix4:+Xm29n3oJOOm38NZ+Z2B6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b594831d3ff8dc598fe3c907d6478ea9

Files

b594831d3ff8dc598fe3c907d6478ea9
.exe windows:4 windows x86 arch:x86

5789338fd0f5f7e9df6f30b9ed9cfd4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathSkipRootW
PathGetArgsW
PathIsUNCW
StrDupW
SHRegGetValueW
PathFindFileNameW

kernel32

GetFileInformationByHandle
GetCalendarInfoW
VirtualQuery
LocalFree
WideCharToMultiByte
OutputDebugStringA
FreeLibrary
lstrlenW
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetLastError
OutputDebugStringW
GetModuleHandleW
InterlockedExchange
EnumResourceNamesA
GetProcessId
GetCurrentProcess
VirtualProtect
LocalAlloc
CreateDirectoryW
InitializeCriticalSection
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentThreadId
DuplicateHandle
GetProcAddress
lstrcmpiW
SearchPathW
GetCurrentDirectoryW
SetLastError
ExitProcess
Sleep

gdiplus

GdipGetImageWidth
GdipDisposeImage

ole32

CoGetDefaultContext
CoInitialize
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ