c7be3474c0f995736d17fb71259149f4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c7be3474c0f995736d17fb71259149f4
Size

115KB
MD5

c7be3474c0f995736d17fb71259149f4
SHA1

d7c8baaf30152af3c5b6444673b2d373058130cd
SHA256

83ac094359a20ed3080448e6dcfe3487fcb9bb31d04b7d07b153f1ed477c4e23
SHA512

b5017815736cf10c27ffa4ff1fa2b85662e694cbb2814edb17bcc58f726c92893cdd611eb99961e37a4a59aa09fd3ec2b8d53c3e1ff342826b1f6a9ef6d308a2
SSDEEP

3072:vICKjtL3HwSFcxBfb9kSz1xoPMeokQwjHDLGdU2B4fDX:vrKjtL3Hwb9kCUPMCDLG6zX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7be3474c0f995736d17fb71259149f4

Files

c7be3474c0f995736d17fb71259149f4
.exe windows:4 windows x86 arch:x86

528ce5777894e086ec73296e396effd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
CreateProcessW
GetModuleHandleA
VirtualProtect
GetEnvironmentVariableW
GetCommandLineA
ResetEvent
GetProcAddress
LoadLibraryA
MultiByteToWideChar
SystemTimeToFileTime
TryEnterCriticalSection
FindClose
CreateThread
GetFileAttributesW
HeapReAlloc
lstrcpynW
CreateEventW
GetFileTime
lstrcatW
VirtualAlloc

advapi32

RegSetValueExA
DuplicateTokenEx
RegQueryValueExA
CryptReleaseContext
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
RegCloseKey

shlwapi

StrCmpNIA
StrStrW
PathCombineW
wnsprintfA
PathFileExistsW
wvnsprintfW
PathFindFileNameW

user32

GetKeyboardState
CharLowerBuffA
GetIconInfo
GetCursorPos
CloseDesktop
GetClipboardData
GetWindowTextA
MsgWaitForMultipleObjects
DrawIcon
CloseWindowStation
EndDialog
ToUnicode

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 421B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE