c13f9e4154b51157db729d7ee7346c55 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c13f9e4154b51157db729d7ee7346c55
Size

133KB
MD5

c13f9e4154b51157db729d7ee7346c55
SHA1

6e208e0a35d827338a7611a33c4dea1350d5ba09
SHA256

eca5b25e045845b6133372ff05aa5153616ed82dac28dd4e4c0b5ef5fd38ab00
SHA512

f337b2ddf63e3870de5f22e00b985a77b0f240c9a7064d7f588e272a3e5ac1bcecf113ee3325298c7ae58d3d7c7829afd22ceb5febeee11ae66c6afe7f49e325
SSDEEP

3072:+kwfBWX/oJGBhKcXsqog9SFXOgT2i20y5PuhHDS/VF:s+IksqofhKlaHDS/V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c13f9e4154b51157db729d7ee7346c55

Files

c13f9e4154b51157db729d7ee7346c55
.exe windows:4 windows x86 arch:x86

681fb869c1498bb4da406c40e4ed7f13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathA
Shell_NotifyIconA
SHFileOperationA
SHGetDesktopFolder

shlwapi

SHStrDupA
PathIsContentTypeA
SHDeleteKeyA

user32

CharUpperA
IsDialogMessageA
IsDialogMessageW
IsIconic
GetCapture
LoadCursorA
GetMenu
GetActiveWindow
GetFocus
IsRectEmpty
CharLowerA

gdi32

GetRgnBox

kernel32

ExitProcess
lstrcatA
HeapDestroy
GetStdHandle
VirtualQuery
GetLocalTime
GetLastError
VirtualAllocEx
CreateEventA
SetThreadLocale
VirtualAlloc
FormatMessageA
GetCommandLineA
FindResourceA
GetFileSize
CreateFileA
lstrlenW
SetEvent
GlobalDeleteAtom
GetFileType
lstrcpyA
GetThreadLocale
IsBadReadPtr

Exports

Exports

_qZK2pn
57BMR@12

Sections

.text
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ