c672db131afe4ed3098f3c84181d0a41 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c672db131afe4ed3098f3c84181d0a41
Size

229KB
MD5

c672db131afe4ed3098f3c84181d0a41
SHA1

42ee46fa69e11d3c5e08af3b8eef58dd9f21fe20
SHA256

58f07965a2fda82fd2103d4cefc3cca07770d694b4ec967fee89801e2ffe51b8
SHA512

0926c6b7779c12c917cd7d704b161062723979f1d035774e6dd85787a4575fa4fd0cfc87735610b6674619bbc6994de1902069597503181d5918459e73382df9
SSDEEP

3072:4DCYCVrrnXsJjI71LBRl0a7pXDKms+yoTKKuOpjY77oHaQ3rTN89phHklygwhFZA:tYClLXsjI1BbDL67E6Q3fuHVThFa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c672db131afe4ed3098f3c84181d0a41

Files

c672db131afe4ed3098f3c84181d0a41
.exe windows:4 windows x86 arch:x86

340ac9158b14b8dae6a2de0551d18fa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
LoadLibraryA
CreateFileA
ExitProcess
GetCurrentProcess
LCMapStringA

user32

SetWindowLongA
wsprintfA
CharLowerBuffA
CloseWindow
CreateWindowExA

advapi32

RegEnumValueA
RegSetValueA
RegCloseKey
RegQueryValueA
RegDeleteValueA
RegCreateKeyA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ