c485985d7d40fd468ddb744f52c26fc9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c485985d7d40fd468ddb744f52c26fc9
Size

191KB
MD5

c485985d7d40fd468ddb744f52c26fc9
SHA1

5d8aa8535c6dd8141f134b620380ec6887484c6c
SHA256

a21527e796f72176ea121374bebbe965f7072a4c61674bea17b3393dab860979
SHA512

487dc91aafa8d896cb0a1c0ff0218eaa087f69c18ca2a88b7b6fce51aec2b58f5ec4fd9218467065f401c8e076e844832d4cfe94e87c70b9d49759e5bf5d31ee
SSDEEP

3072:iZjSMf219NtV/i1UezE8JoGua0D8awPwRV0YXLz6xg3gVb2nPD36cbA+HexHjlfp:U9U9Nj/8z8DwEVfXLmx+gVb2nPD36cbm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c485985d7d40fd468ddb744f52c26fc9

Files

c485985d7d40fd468ddb744f52c26fc9
.exe windows:4 windows x86 arch:x86

c30675468651a95dc73046c695428804

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetSystemTime
RegisterConsoleIME
lstrcmpi
SetProcessShutdownParameters
IsSystemResumeAutomatic
GetConsoleInputExeNameA
QueueUserWorkItem
UnmapViewOfFile
TlsSetValue
ReadFileScatter

user32

GetProcessDefaultLayout
SetSysColorsTemp
SetFocus

gdi32

GdiEntry1
GetObjectType
GetCurrentPositionEx
PolyBezier
GdiIsMetaFileDC
UpdateICMRegKeyA
EngMultiByteToUnicodeN
GetPath
EngGetPrinterDataFileName
GetGlyphIndicesW
GdiIsPlayMetafileDC
GdiAddGlsRecord
QueryFontAssocStatus
GetCharABCWidthsW
CloseMetaFile
StrokePath

Sections

.code
Size: 9KB - Virtual size: 808KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pack32
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ