baef35dba2ac06d14c2e975efd6e09ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

baef35dba2ac06d14c2e975efd6e09ad
Size

182KB
MD5

baef35dba2ac06d14c2e975efd6e09ad
SHA1

5db4ac2ed668997835b499cc15b288ae7dceb7c2
SHA256

c3488033920f70dd320263133380550df942a016aff404cfb517ce4649a7efb4
SHA512

86d3f70437e62541f936942b041b387dd978fc0a5c143d10596ac5f4d47f7650ad34c5ecf69ee553d628dfbdc854ea41c922327623fc77c1cd7b2e5bd8c4b2f6
SSDEEP

3072:DsbG5wRTJuXQ4d/JlzTcptpLs5HC++3gyxpqYHGmCr:QbGWtJ4dBl8ptpLkyxpxg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baef35dba2ac06d14c2e975efd6e09ad

Files

baef35dba2ac06d14c2e975efd6e09ad
.exe windows:4 windows x86 arch:x86

1e54ea7ba9da16921f1213b91853fc36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

shlwapi

PathGetArgsW
StrDupW
PathSkipRootW
PathIsUNCW
SHRegGetValueW
PathFindFileNameW

kernel32

SetLastError
WideCharToMultiByte
VirtualProtect
SearchPathW
GetCalendarInfoW
GetFileInformationByHandle
InterlockedExchange
lstrcmpiW
DuplicateHandle
GetLastError
VirtualQuery
FreeLibrary
GetCurrentProcess
ExitProcess
CreateDirectoryW
GetModuleFileNameW
OutputDebugStringA
LocalFree
EnumResourceNamesA
OutputDebugStringW
GetModuleHandleW
lstrlenW
MultiByteToWideChar
GetCurrentDirectoryW
GetModuleHandleA
InitializeCriticalSection
LocalAlloc
GetProcAddress
GetFileAttributesW
GetCurrentThreadId
SetEnvironmentVariableW
GetProcessId
Sleep

ole32

CoGetDefaultContext
StringFromGUID2
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ