Static task: static1
Behavioral task: behavioral1
Sample: c5fb7437cb07f7d3f30acc4c65244f60.exe
Resource: win7-20240221-en
General
Target: c5fb7437cb07f7d3f30acc4c65244f60
Size: 99KB
MD5: c5fb7437cb07f7d3f30acc4c65244f60
SHA1: 8cff3e9373f2c2cb86e7a1eda582ee40428eefe3
SHA256: 7de0a9c5f6886292744c6023a1a9c46242808c651d5a1602885311f3a1477b6b
SHA512: 2eeb683084da35b38b83176fca3972bc32f73baa10e6119121e416c5a53518058bce76b54ac06d43494e0f2a8ae6976fe796d0e992697b941c893af865972219
SSDEEP: 3072:EBUKIpdFRb7dovWkxaWnWa+Ilnyd+Mn6:EBUKWnb8kWjgF
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c5fb7437cb07f7d3f30acc4c65244f60
Files
c5fb7437cb07f7d3f30acc4c65244f60.exe windows:4 windows x86 arch:x86
134bbcb2c7f7e7b3517c696122b3599c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
GetCurrentDirectoryA
GetCurrentThreadId
GetComputerNameA
GetProcAddress
LoadLibraryA
VirtualProtect
GetWindowsDirectoryA
GetStdHandle
LoadResource
FindResourceA
CreateEventA
LocalFree
ExitProcess
GetCurrentThread
VirtualAlloc
LocalAlloc
LockResource
GetCurrentProcessId
advapi32
GetUserNameA
user32
GetForegroundWindow
GetSystemMetrics
GetActiveWindow
msvcrt
memcpy
memset
wcslen
wcsncpy
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 14B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ