c5a56b473e59ae3e587c99050a0b91b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c5a56b473e59ae3e587c99050a0b91b4
Size

228KB
MD5

c5a56b473e59ae3e587c99050a0b91b4
SHA1

497edea0e866572e10faddd7dc8db0f4ae0c0ceb
SHA256

d4a465d838c0c506016a2bf074588c713d5e77da778dbb0c15f787dd411e11fc
SHA512

4d1298974248c580773769d40a575f5dec8115599dc2c94db2b51a3d921487cca39df12554414d1c4845219e6fd6ce0140f5d78457ff737424ad184d21590f3c
SSDEEP

6144:LI0Flk1P0XadIQRfA7PKsZMbIWxesafoUtr:1lkt0KrR47VSPe7oG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5a56b473e59ae3e587c99050a0b91b4

Files

c5a56b473e59ae3e587c99050a0b91b4
.exe windows:4 windows x86 arch:x86

fd582a38b2a98204243dac10ec2afd2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CreateDirectoryExA
CreateFiber
DuplicateHandle
EnumResourceLanguagesW
ExitProcess
GetExitCodeThread
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
OpenFile
PeekNamedPipe
SetNamedPipeHandleState
SwitchToFiber
VirtualQuery
lstrcmpW

advapi32

ConvertSecurityDescriptorToAccessNamedA
EqualPrefixSid
FreeSid
GetMultipleTrusteeOperationW
QueryServiceStatus
RegReplaceKeyW
SetEntriesInAclA
SetServiceStatus

gdi32

CreateRectRgn
DeviceCapabilitiesExW
GetDIBits
GetEnhMetaFileBits
GetTextColor
GetTextExtentPoint32A
ModifyWorldTransform
RectInRegion
RestoreDC
RoundRect
SetBoundsRect
SetViewportOrgEx
StartPage

Sections

.text
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ