c390b5dda4e32099a83e0bc5d807f96d | Triage

Sharing

General

Target

c390b5dda4e32099a83e0bc5d807f96d
Size

26KB
MD5

c390b5dda4e32099a83e0bc5d807f96d
SHA1

b0e2d7f612e3e322d1c1a889caf5e6cd47028966
SHA256

8633ad45cdfbc18c0787ef0b916f7e59acd26ea01b8b6c6d400360b97d204c54
SHA512

2ebe1674cace9559914273644aecd65607976ed23fc5e27e13be3c2b9a2276bb485f71deb7a47135805b07f60d19d7a919d7123c6c0a54104b43d59334426f07
SSDEEP

384:q+ERkUoWGWxV8iXamWAaL9DczF4+oHHQIU/7HYg3l2zm4VvS1HYHPkX2GHOUO/y:tEuhWxVPamDaL5czYHQbMKlSv6Y5S4y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c390b5dda4e32099a83e0bc5d807f96d

Files

c390b5dda4e32099a83e0bc5d807f96d
.exe windows:5 windows x86 arch:x86

cd4bf75a920be2c9e910a6d4d1fc450e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
SetFilePointer
GetFileSize
GetModuleFileNameA
GetStartupInfoA
GetBinaryTypeA
GetModuleHandleA
HeapFree
ExitProcess
HeapAlloc
VirtualAlloc
VirtualFree
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingA
GetProcAddress
LoadLibraryA
GetProcessHeap
CreateFileA

user32

GetDC
GetMessageExtraInfo
wsprintfW
DdeQueryStringA
PeekMessageW
EnumPropsExA
DdeQueryConvInfo
GetUpdateRect
CopyIcon
GetDoubleClickTime
DrawStateA
GetShellWindow
GetKeyboardLayoutList
UnhookWindowsHook
CreateWindowExA
RegisterClassA
LoadCursorA
LoadIconA
DefWindowProcA
CloseClipboard
LookupIconIdFromDirectoryEx
ScrollDC
GetKeyboardType
GetDesktopWindow

gdi32

GetBkColor

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ