ca5ea279c7d2c817279f819684c7c85c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca5ea279c7d2c817279f819684c7c85c
Size

274KB
MD5

ca5ea279c7d2c817279f819684c7c85c
SHA1

75b933532bfdf7a86395c3777c54a230a0debb74
SHA256

5052fedc022ad7d244bc4332ade92c1d739aafb2bbb7c732d7ad221586f7bcce
SHA512

a634435ab6584899353a90dab623fe90b27b52180e7f897849362466059d744ac1af00cd861c02b345e32183945f4c0921b6f6dda447c7a866ed9d038aab5828
SSDEEP

6144:EgGdwdxObi2PqdN9pMefMWlQozj6c3wwlyAgwil+MTJwm:nuwdYxyxJUBozj6ily/w8+hm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca5ea279c7d2c817279f819684c7c85c

Files

ca5ea279c7d2c817279f819684c7c85c
.exe windows:5 windows x86 arch:x86

726b208a3aac1cb690de5c44c39498db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wsock32

__WSAFDIsSet

version

VerQueryValueW

winmm

timeGetTime

comctl32

ImageList_Remove

mpr

WNetCancelConnection2W

wininet

InternetReadFile

psapi

EnumProcesses

userenv

CreateEnvironmentBlock

user32

GetCursorInfo

gdi32

DeleteObject

comdlg32

GetSaveFileNameW

advapi32

RegEnumValueW

shell32

DragQueryPoint

ole32

OleSetMenuDescriptor

oleaut32

VariantChangeType

Sections

.text
Size: 244KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE