1914529ba31bfc5c9e5a82b99199a9bc434b4dcf9172bb86112ec4932eebc565 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1914529ba31bfc5c9e5a82b99199a9bc434b4dcf9172bb86112ec4932eebc565
Size

6.1MB
MD5

5557242f4ab633c717baaf4aa1f790d7
SHA1

fbad0de98b58aefc3fe3b1d2c9e47909d8a8800c
SHA256

1914529ba31bfc5c9e5a82b99199a9bc434b4dcf9172bb86112ec4932eebc565
SHA512

5d62f1a5d9355f23607a12fe85c2b8722c55166ae43d9c06d6042ec8436fdb42fa2dd673d80c416301400c144df539ba0415d625ce185e3943dfad1c0b675c3a
SSDEEP

98304:spB2sXj/QuM6cxpTWQEBME50rylkbxWpmJYD85BgJKeaKJTMEWACqceN1x:spBxXa6qpq0yIbxohEBYaKyfPQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1914529ba31bfc5c9e5a82b99199a9bc434b4dcf9172bb86112ec4932eebc565

Files

1914529ba31bfc5c9e5a82b99199a9bc434b4dcf9172bb86112ec4932eebc565
.exe windows:5 windows x86 arch:x86

dcd0ec9d691ff9d3e80accfa93b98d15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAcquireResourceShared

kernel32

FindFirstFileExW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetMenuCheckMarkDimensions
CharUpperBuffW

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.:kQ
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.C<#
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.$XE
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.LJ1
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ