ca41a6cf90f07d1b5c7b97875902bcf3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca41a6cf90f07d1b5c7b97875902bcf3
Size

193KB
MD5

ca41a6cf90f07d1b5c7b97875902bcf3
SHA1

a699afb31e7327ee3c986b626147bfb1b2dfc963
SHA256

803cc5289437540523f7a9e1cb2c351613130def73c970aff47c22b1a64843e7
SHA512

bb3c845c7f8b3ce766d1ce7e0f899ce59d5a01e2e47bd4bc993fea5b020250df792b9a7faf548cb5df9230d1c71eeb08810c1a185e7ee88995bea71d2beff11a
SSDEEP

3072:K/l8Qsj1jD/Rse5Ugdr7lj0iwe2Mp1si93r3P/WP/+ac9gbmIqmUN0G5EvR:KO5R5Ugl7loiwSqiFbX2dc9jtg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca41a6cf90f07d1b5c7b97875902bcf3

Files

ca41a6cf90f07d1b5c7b97875902bcf3
.exe windows:4 windows x86 arch:x86

ae1bb9336b5b4edc298ef52363eac438

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

NdrFixedArrayFree
UuidCreate

shlwapi

PathFileExistsW

kernel32

VirtualAllocEx
GetSystemTimeAsFileTime
CreateProcessA
LocalAlloc
EnumResourceNamesW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
RaiseException
OpenWaitableTimerW
InterlockedExchange

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegSetValueExA

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ