c18d9a3b308c427a39769005ee9bcac2 | Triage

Sharing

General

Target

c18d9a3b308c427a39769005ee9bcac2
Size

122KB
MD5

c18d9a3b308c427a39769005ee9bcac2
SHA1

e8d6a53aaa12885d81d546d93ed9987e0db2f312
SHA256

dc1933bda1eb1c7aac7a74cd42c7622dfe4de1b949a1d7ec1c7dd9ae3a14ccf8
SHA512

333b5b54143ab3fa0105fbd01c8b9725483b00e8a90558229232970a64ee3dded3012a48f66d97f720ea9e05036f934817796a1e98a1d8e406dfb918783cfef3
SSDEEP

3072:SnVSHOtPhTXBjmTkKmP4c4lY22DB8HxqVzrrVknn:SnVSutPhTXxRKG4cq6DB8Hxqhr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c18d9a3b308c427a39769005ee9bcac2

Files

c18d9a3b308c427a39769005ee9bcac2
.exe windows:4 windows x86 arch:x86

7e052dd2bc76fe2d59e96806044dd31d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW
UnregisterClassA
LoadIconA
LoadStringW
CharNextA
LoadImageA
DestroyWindow
GetSystemMetrics
CharNextW

kernel32

LoadResource
EnterCriticalSection
WideCharToMultiByte
SetLastError
GetSystemTimeAsFileTime
InterlockedExchange
GetTickCount
LeaveCriticalSection
InterlockedCompareExchange
GetCurrentThreadId
GetEnvironmentVariableA
SetFilePointer
lstrlenA
GetCurrentProcessId
FindResourceA
EnumResourceNamesW
GetLastError
SizeofResource
RaiseException
Sleep
ExitProcess
LockResource
QueryPerformanceCounter
MultiByteToWideChar
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
CreateProcessA
FindResourceExA
lstrcmpiA
lstrlenW
LocalAlloc
TerminateProcess
GetCurrentProcess

clusapi

CloseCluster

shlwapi

PathAddBackslashW

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ