c961d9af5dfa3519c676287df88b7bee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c961d9af5dfa3519c676287df88b7bee
Size

49KB
MD5

c961d9af5dfa3519c676287df88b7bee
SHA1

25a3ca29ff448dce6ed1b983603344b970d730cb
SHA256

9df019f6df5d723fcdee5201b39ec5a5749b1ad80544d14e7f604d09365ca722
SHA512

287590ebf08620b337c658ee53037f40973fb59498dc577eb0cb4d28c3884ebcda60e36248cbc7da69ed526ee796e1a57f041c10aff34ba6ed639298defc7556
SSDEEP

768:N4p87DJjCJsyDjkh9KTVfosn6gIfgBw7jFqqxlopHPFcRPJWCyjTqE3w4HiF4Mc:N4UVjer6OBw7jHSNSPYLnqCpHab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c961d9af5dfa3519c676287df88b7bee

Files

c961d9af5dfa3519c676287df88b7bee
.exe windows:5 windows x86 arch:x86

85029ee2349ef779fb21fad06737bd21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathMatchSpecW
wnsprintfA
PathFileExistsW
PathFindFileNameW
wvnsprintfA
wvnsprintfW
wnsprintfW
PathCombineW
StrCmpNIW
StrCmpNIA

kernel32

GetFileSizeEx

advapi32

RegQueryValueExA
CryptCreateHash
RegDeleteValueA
GetUserNameW
CryptHashData
CryptGetHashParam
RegSetValueExA
CryptReleaseContext
DuplicateTokenEx
CryptDestroyHash

Sections

.opidox
Size: 39KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qrwtap
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pir
Size: 6KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ