c43b64e15eaf35f33dba842e76efe7da | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c43b64e15eaf35f33dba842e76efe7da
Size

26KB
MD5

c43b64e15eaf35f33dba842e76efe7da
SHA1

84824f1dcd40714f56ff060c95323faad3f8b0bf
SHA256

79ada38ebca142654871ebd132bfbbd957e1f9f029fe346e6bb587281414b82d
SHA512

9a9eab155e774318eb27e1b8666ad9dd8f2f25cee1968ea4294f765f08209b8ccc1a0310523bdd67d46506a8ada5098e44060e3e2ba5531d05d44bdfb109da89
SSDEEP

384:d+R2vp1xRVQ+mEVWYDZWPbNi3aFuuixE0yQA7dAE3pS2hIXeLkfiivJo:d62vpPvQ9OHP20W7aiSkIXeLkfJvJo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c43b64e15eaf35f33dba842e76efe7da

Files

c43b64e15eaf35f33dba842e76efe7da
.exe windows:6 windows x86 arch:x86

c68d73254be3bbf5f5985e74b424f206

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dvdplay.pdb

Imports

advapi32

RegGetValueW

kernel32

CreateProcessW
SearchPathW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

?terminate@@YAXXZ
__set_app_type
_controlfp
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
memset
_except_handler4_common

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ