Static task
static1
Behavioral task
behavioral1
Sample
c21ded92e78b7e85c50ef285ebfbf570.exe
Resource
win7-20240221-en
General
Target: c21ded92e78b7e85c50ef285ebfbf570
Size: 200KB
MD5: c21ded92e78b7e85c50ef285ebfbf570
SHA1: a72407cd76260457e7a23f242937e58ace63f361
SHA256: 682f2031b24ac7a547d5b61ca26f576bb72462a044e53c1ad3bcbd9758b97f19
SHA512: 66008c0499f6590a327bc1ef484f90cbb9854e687d784c134c0eff38d911d470d16e0e443d8acdfdeabbb73979906b9fc75cd0bb0d5b7fae5835c28cfdb87bd7
SSDEEP: 6144:OXOK3zFCgS9FPgGUJjS8zksCxVufZHV13UgScLPPD:OXOK3LQFPgGkjS8AsCuf7JP7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c21ded92e78b7e85c50ef285ebfbf570
Files
c21ded92e78b7e85c50ef285ebfbf570.exe windows:4 windows x86 arch:x86
92cbe559b2c3e4246b23c706e45520d1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetModuleHandleA
FileTimeToSystemTime
ResetEvent
HeapCreate
VirtualFree
VirtualAllocEx
DeleteTimerQueue
GetLastError
EnterCriticalSection
LocalLock
VirtualLock
SetEvent
CreateTimerQueue
OpenSemaphoreA
VirtualQuery
user32
GetDesktopWindow
PostMessageA
GetDC
IsWindowUnicode
GetSysColorBrush
LoadCursorA
GetCursorPos
LoadAcceleratorsA
SetTimer
ReleaseDC
gdi32
PatBlt
GetPixel
psapi
EnumProcessModules
msvfw32
DrawDibOpen
DrawDibEnd
DrawDibClose
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ