bd429d99ab62b79f24b86579eb612284 | Triage

Sharing

General

Target

bd429d99ab62b79f24b86579eb612284
Size

64KB
MD5

bd429d99ab62b79f24b86579eb612284
SHA1

c425c94117ab8277c1d85e939868dad3bed57248
SHA256

88feff6acbe395d7022e174370b7968dafefede1d5ae567043a9ad78cf5506c5
SHA512

5d9001a3aa2debe0a1884ba52043e4d44a489b4463316f8b74579fd5be018efe323b60677d094fb589d97a9dda057434e444b4870275671c703785132bad2261
SSDEEP

768:bFJRqlasv2nZXyeVksMPw/jjSf5PZyM7VbE2oojOmVWyQRM9OqyUdNkQeR3AsNk8:bFhk9q2x1JE2JgRscGqQeRQsNkezv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd429d99ab62b79f24b86579eb612284

Files

bd429d99ab62b79f24b86579eb612284
.exe windows:4 windows x86 arch:x86

b6400e5948a7b90e5707e2cca5254df5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetFileSizeEx
GetFileAttributesA
HeapAlloc
VirtualAlloc
lstrlenW
VirtualProtect
SetFilePointer
GetSystemTimeAsFileTime
CreateMutexW
FindNextFileW
CreateThread
GetTickCount
GetTimeZoneInformation
GetModuleFileNameA
EnterCriticalSection
lstrcpyA
ResetEvent
lstrcpynW
HeapReAlloc
ExpandEnvironmentStringsW
lstrcpyW

shlwapi

PathFindFileNameW
wvnsprintfW
wnsprintfA
StrCmpNIW
SHDeleteKeyA
PathFileExistsW
PathMatchSpecW
StrStrW
wvnsprintfA

user32

GetWindowThreadProcessId
SendMessageA
GetIconInfo
GetWindowLongA
MsgWaitForMultipleObjects
OpenWindowStationA
OpenDesktopA
GetDlgItem
GetMessageA
SetThreadDesktop
CloseDesktop
GetClipboardData
FindWindowExA
GetClassNameA
GetKeyState

advapi32

RegCloseKey
CryptGetHashParam
DuplicateTokenEx
RegCreateKeyExA
CryptCreateHash
RegDeleteValueA
RegEnumKeyExA
CryptDestroyHash
CryptHashData

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE