bab45c3b6d7b55881b8e8bf7f641a264 | Triage

Sharing

General

Target

bab45c3b6d7b55881b8e8bf7f641a264
Size

416KB
MD5

bab45c3b6d7b55881b8e8bf7f641a264
SHA1

ef5d02d8daea9c25f4aba8ca07ec51f804d7e36e
SHA256

c268d5e1f5010414c7742a13909463904db93896f33c429067b224580eabf296
SHA512

9e03525a517a416e69ae10a2fc8bb2062bccc1707bef389d6d3b27f7a730c5997f1a571fa47385babc1fbdbcb101835aa228b375bf33faf68c020a712502b6b0
SSDEEP

6144:E6b2I7dBJY+l8EAnddMJfnDnDYiktjAg2SDj2uqLUITtjtz:E6qIprYLsr0iktjrpDSFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bab45c3b6d7b55881b8e8bf7f641a264

Files

bab45c3b6d7b55881b8e8bf7f641a264
.exe windows:4 windows x86 arch:x86

dbab0e04a06b17df2cafcef865a5975b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
GetCommandLineA
CloseHandle
GetLastError
VirtualProtect
GetLogicalDrives
RaiseException
Sleep
GlobalAddAtomA
SetErrorMode
GetLocaleInfoA
EnterCriticalSection
GetFileAttributesExA
GetSystemDirectoryA
GetACP
GetStdHandle
HeapCreate
LockResource
LoadLibraryExA
InterlockedExchange
GlobalFree

user32

ShowWindow
GetClassNameA
GetActiveWindow
GetWindow
GetFocus
EndPaint
FlashWindowEx
IsIconic
ReleaseDC
BeginPaint
SetForegroundWindow
wsprintfA
GetWindowTextA
FillRect
DrawTextA
ValidateRect
GetCursorPos
FrameRect
GetParent

httpapi

HttpTerminate
HttpCreateHttpHandle
HttpAddFragmentToCache
HttpAddUrl
HttpInitialize

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ