c5867325f3c33175b0561e132528b369 | Triage

Sharing

General

Target

c5867325f3c33175b0561e132528b369
Size

636KB
MD5

c5867325f3c33175b0561e132528b369
SHA1

f760c498c590d8fa5a305ac499f95f87fc3ba1ed
SHA256

fe33d5bf76c9328c3ba2dff946a6aeda5ef4087ea46904a12697d0d15f4c9043
SHA512

1d1e236c7c04b0182a99658d29db1805c91ac778dc3373e880b1b938050404c3797c395273a0237c7aa91144bf198c4f4ccce0e09cf73e4b8ebf30f0db0a9272
SSDEEP

12288:H7jpS31ZxKSpzluJzNo15jH78WtvspyjriT/bmUH4Cu:bjcZxKcUt2JH7ztdmTA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5867325f3c33175b0561e132528b369

Files

c5867325f3c33175b0561e132528b369
.exe windows:4 windows x86 arch:x86

1d7a34da11f4b8434bce62c87e9a26d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GlobalUnlock
CompareFileTime
CloseHandle
WaitForMultipleObjects
HeapCreate
SuspendThread
GetConsoleCP
GetSystemDefaultLangID
WaitForSingleObject
GetAtomNameA
LoadLibraryExA
InterlockedExchange
VirtualProtect
GetCommandLineA
GetVersion
GetTickCount
HeapReAlloc
LocalSize
lstrlenA
GetModuleHandleA

gdi32

GetStringBitmapA
GetMetaFileA
DeleteDC
DeleteObject
CreateFontA
EngLineTo
CreateICA
GetRgnBox
AbortPath
GetFontData
EndPath
FloodFill
EqualRgn
CreatePalette
Ellipse
Escape
GetTextColor
BeginPath
GetMetaRgn

winmm

auxSetVolume
PlaySoundA
OpenDriver
CloseDriver
auxGetVolume

secur32

AddCredentialsA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ