Static task
static1
Behavioral task
behavioral1
Sample
be2c67817e0b5b9210c025b7ec440cf0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
be2c67817e0b5b9210c025b7ec440cf0.exe
Resource
win10v2004-20240226-en
General
Target: be2c67817e0b5b9210c025b7ec440cf0
Size: 7KB
MD5: be2c67817e0b5b9210c025b7ec440cf0
SHA1: 717ad0f083dedb179dd28a203ea8fd81f61dd527
SHA256: f6be00eef7af3e01d2e9b48a21a569222668d2ded103092b595c6c6fafff429c
SHA512: c7cd5003388315a048f5d520244ec4f77c56e77a305e06d5c331c1f1cfa15bb5b1915a091eb90398059ce602dced4ef8cd072f55e5ef17d774ccd41079789e12
SSDEEP: 192:xMSstF2DMUyGwovKSGf+CB0jryV5IV+/v8i:mS6rUySKinr8IV+v9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be2c67817e0b5b9210c025b7ec440cf0
Files
be2c67817e0b5b9210c025b7ec440cf0.exe windows:4 windows x86 arch:x86
db53bc93eebd9bb0205a6e009815fc5f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateEventA
lstrcatA
WideCharToMultiByte
lstrcpyA
WaitForSingleObject
CloseHandle
GetFileAttributesA
GetModuleFileNameW
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
SetEvent
CreateThread
GetProcAddress
ExitThread
CompareStringA
Process32First
CreateToolhelp32Snapshot
RtlUnwind
InterlockedExchange
VirtualQuery
GetProcessHeap
gdi32
SelectObject
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
user32
DestroyWindow
MsgWaitForMultipleObjects
DispatchMessageA
TranslateMessage
PeekMessageA
CreateWindowExA
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE