b78ba6648a376c5c6f1e1654768bed06 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b78ba6648a376c5c6f1e1654768bed06
Size

454KB
MD5

b78ba6648a376c5c6f1e1654768bed06
SHA1

50bab14c9163c502fda2f808d1fdb1245e99226c
SHA256

774b20f0b9e7c0772518ad991007f2aac1a6553af3fa9aed311e30f1823a5f1e
SHA512

d7e655d96cb61bbf02132799315afc4d70f4daf58aa8c8cd752a816ef687f6c4394b2a823b8170efee4662212bdcd771781fd2fc0d07803b1a5732c1b2f17923
SSDEEP

12288:17Ze2B5F9b7s5eKiR3B6VTPhma3fGkMFYNS:17ZjLPR30VTPhHOkNS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b78ba6648a376c5c6f1e1654768bed06

Files

b78ba6648a376c5c6f1e1654768bed06
.exe windows:4 windows x86 arch:x86

f5e603abaa6d81f82ff820ee7bc653e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfW
PathMatchSpecW
StrCmpNIA
PathFileExistsW
wvnsprintfW
PathRemoveFileSpecW
StrCmpNIW
PathFindFileNameW
SHDeleteKeyA

kernel32

MulDiv
OpenMutexW
CreateFileA
lstrcatW
GetModuleFileNameA
VirtualAlloc
GetVersionExW
FindResourceW
CreateProcessW
GetUserDefaultUILanguage
GetModuleHandleA
FindNextFileW
LeaveCriticalSection
CloseHandle
GetProcAddress
CreateEventW
SetEvent
ResetEvent
VirtualProtect
ReleaseMutex
lstrcpyW
Sleep

user32

DrawIcon
GetClipboardData
EndDialog
GetWindowLongA
MsgWaitForMultipleObjects
CloseWindowStation
SetProcessWindowStation
SetThreadDesktop
FindWindowExA
GetForegroundWindow
GetCursorPos
OpenWindowStationA

advapi32

GetUserNameW
CryptGetHashParam
CryptCreateHash
DuplicateTokenEx
RegQueryValueExA
RegDeleteValueA
CryptHashData
RegCreateKeyExA
RegCloseKey
CryptAcquireContextW

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE