c69809ef444e62bd4f0636a40771535c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c69809ef444e62bd4f0636a40771535c
Size

88KB
MD5

c69809ef444e62bd4f0636a40771535c
SHA1

7a2439d2b11d0912acff40d92ed9614a0e044325
SHA256

03e3dcd983eb32e30f79c0a4979f11d6e1b39b37e59bd9dda9f9ce6edc8628d1
SHA512

3331e6ef3ee7364d30b43da541598502f1f823be4692e103c594312e5adfbb013fa4d2e116b2bbcd7a3ac87c573a3b2b137ffc97186140e234200f6c3a51580e
SSDEEP

1536:eOUGCCdVuUB24Ngwy6SogaaQg2Wz+ZWf09rhT:BrCCuS24NfyogaaQdWzuWf09

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c69809ef444e62bd4f0636a40771535c

Files

c69809ef444e62bd4f0636a40771535c
.exe windows:4 windows x86 arch:x86

3fc6d984153cc5d056693dd55ac073d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
TlsGetValue
FreeConsole
LoadLibraryExA
FindClose
GetModuleHandleA
Sleep
GetDriveTypeW
EnumResourceTypesA
DeleteCriticalSection
VirtualProtect
PulseEvent
CloseHandle
LocalFree
GetDiskFreeSpaceExW
SetLastError
GetDateFormatA
GetCommandLineA
IsBadCodePtr
IsBadReadPtr

shell32

DragFinish
DuplicateIcon
DragQueryFileA
SHGetSettings
SHFree
DragAcceptFiles
ShellMessageBoxA
SHGetDiskFreeSpaceA
ShellAboutA
StrChrA
SHGetMalloc
DllUnregisterServer
ExtractIconA

msasn1

ASN1BERDecCheck
ASN1BERDecBool
ASN1BERDecFlush
ASN1BERDecEoid
ASN1BERDecDouble

advapi32

RegCloseKey

Sections

.text
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ