c27b67fa296b908737b1c3a688ace4ba | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c27b67fa296b908737b1c3a688ace4ba
Size

62KB
MD5

c27b67fa296b908737b1c3a688ace4ba
SHA1

f71bd5f6733535c162d130396e85fb6b18c64530
SHA256

d8ee221be42953ca29b7fb77875efcbd87693c1f7a048767e27e2d33b677511d
SHA512

ddccd93059904420406397d31078633d680b27850fa79a347c4424256205b305c3953782f451c504c29a85e62b0e695aa49d74ebcabf4fb95732ff80452bb115
SSDEEP

1536:zAeqC9/nxWKzr/GzvdIzeTnNl/y6V/LiXAmHsW07+gTs1rZBnz:9LFT+JIzeTnDVNLi1MTQ1r/z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c27b67fa296b908737b1c3a688ace4ba

Files

c27b67fa296b908737b1c3a688ace4ba
.exe windows:4 windows x86 arch:x86

b2c50b492b44ef185654aa45cbd9ba1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
VirtualAlloc
lstrcpyA
VirtualProtect
EnterCriticalSection
lstrlenW
GetSystemTimeAsFileTime
GetModuleHandleA
WaitForSingleObject
ExpandEnvironmentStringsW
GetLocalTime
GetSystemTime
GetFileTime
GetTimeZoneInformation
HeapAlloc
GetEnvironmentVariableW
lstrcatW
GlobalLock
lstrcmpiW

user32

DispatchMessageA
ToUnicode
EndDialog
GetClipboardData
SetProcessWindowStation
GetDlgItem
GetWindowThreadProcessId
GetDlgItemTextA
GetKeyState
PeekMessageA
GetForegroundWindow
GetClassNameA
DrawIcon
FindWindowExA
LoadCursorA
GetCursorPos
OpenDesktopA

advapi32

CryptReleaseContext
RegEnumKeyExA
CryptCreateHash
DuplicateTokenEx
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
CryptHashData

shlwapi

wvnsprintfA
StrStrW
PathMatchSpecW
wnsprintfW
StrCmpNIW
PathFindFileNameW
StrCmpNIA
PathCombineW
PathFileExistsW
SHDeleteKeyA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE