be389da0de4aecc46e99ed255a47df2b | Triage

Sharing

General

Target

be389da0de4aecc46e99ed255a47df2b
Size

224KB
MD5

be389da0de4aecc46e99ed255a47df2b
SHA1

ac329c7b173e74c6c3368c91faf88c226fee1e28
SHA256

4f6bfb84d25430b31d3df8119521659d79b3f7adfd0c8d774628692a16606466
SHA512

40895cc4ebaf9d54367573d370a3052bd46c215393b519098827bd8630dcb8d22cf0954a7f783c6cf79710ca2e43da6061cc917b9b442a9d19341cbdbeb426d6
SSDEEP

6144:4o7e+BNxI5joQ70/t4wSbXnBRaVR5jnMIjCuwl9g:jXVIWQ4FjSLBRcHTxGrHg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be389da0de4aecc46e99ed255a47df2b

Files

be389da0de4aecc46e99ed255a47df2b
.exe windows:4 windows x86 arch:x86

fbc2aa9eca6477c82505eedb8fb40343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

BuildCommDCBA
ExitProcess
GetConsoleCP
GetLongPathNameA
GlobalGetAtomNameW
IsBadReadPtr
OpenMutexW

advapi32

BuildImpersonateExplicitAccessWithNameW
ConvertSecurityDescriptorToAccessW
CryptGetUserKey
GetFileSecurityA
GetSecurityDescriptorLength
GetSidSubAuthorityCount
InitializeSecurityDescriptor
InitiateSystemShutdownA
NotifyChangeEventLog
ObjectOpenAuditAlarmA
OpenServiceA
ReportEventW
StartServiceA

user32

BlockInput
EnumWindowStationsW
GetDialogBaseUnits
SendIMEMessageExW
SetInternalWindowPos
SwapMouseButton
TrackPopupMenuEx

gdi32

CreateMetaFileA
DeleteMetaFile
GetICMProfileW
OffsetViewportOrgEx
PathToRegion
SelectClipPath
SetColorAdjustment
SetDIBitsToDevice
SetFontEnumeration
TextOutW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 221KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ