bde1b2d955ef0519140bfe087b912ebf | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bde1b2d955ef0519140bfe087b912ebf
Size

61KB
MD5

bde1b2d955ef0519140bfe087b912ebf
SHA1

648d197d15cbe20c32dc14775abef201f290630e
SHA256

a6cb6397bd5a963d46589d3a0e6eda631cc77f9d3d48d302b2a25f697273f9bb
SHA512

e5754b2bfdd2aa48a470cc96022a706de9810e89f52d3c9701cbef21860356e0cee6ae90bdbe33fe9b5d5af33d35e063103d7cffe280d5ca69d2476e7094060f
SSDEEP

1536:2LjOuzPXfzt0G0WIe1R7Rnk62EgWEM+2pY2joQOfOkCu/OR1e:MKuzPX7t0GlzjFn3gTM+2pY3hOE/Iw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bde1b2d955ef0519140bfe087b912ebf

Files

bde1b2d955ef0519140bfe087b912ebf
.exe windows:4 windows x86 arch:x86

320e1056ecc76202bca5387b63271bed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathCombineW
PathMatchSpecW
StrCmpNIW
StrStrW
wvnsprintfA
SHDeleteKeyA
wnsprintfW
wnsprintfA
PathFindFileNameW

user32

GetWindowThreadProcessId
GetKeyboardState
FindWindowExA
GetForegroundWindow
GetWindowLongA
ExitWindowsEx
SendMessageA
GetClassNameA
GetCursorPos
GetKeyState
GetWindowTextA
CloseDesktop
GetDlgItemTextA
OpenDesktopA
LoadCursorA
GetIconInfo
SetProcessWindowStation

advapi32

CryptGetHashParam
CryptReleaseContext
CryptCreateHash
RegCreateKeyExA
RegEnumKeyExA
DuplicateTokenEx
RegDeleteValueA
CryptAcquireContextW
RegCloseKey
CryptHashData
RegSetValueExA
CryptDestroyHash

kernel32

VirtualAlloc
GetModuleHandleA
VirtualProtect
GetProcAddress
lstrcmpiW
GetFileAttributesA
lstrcatA
InitializeCriticalSection
ResetEvent
GetCommandLineA
CreateProcessW
GetDiskFreeSpaceW
WideCharToMultiByte
GetModuleFileNameW
ReleaseMutex
CopyFileW
GetEnvironmentVariableW
CreateEventW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE