ca6468473eb3d6eb499a28996f6d616b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca6468473eb3d6eb499a28996f6d616b
Size

203KB
MD5

ca6468473eb3d6eb499a28996f6d616b
SHA1

fab1c3d98b2c90186140ad4246e5f457d1ad5185
SHA256

c5ff25050e5295a0e738e0ad319ae6897c89182404dee7591a0ef36310d60b79
SHA512

42d0f0159c836a670d2b3b4fbd636db56db45152f37bdbafdf65c1a5871d6587b27922c85786d10eacbf77cccf94e7a827a3f5d88df6170ba666849ad4ea9e96
SSDEEP

3072:30p5lCKo94YFUqQnrbRqW7Jm+vk8BnHG7nLTqqKG2l4MWV6EQzLMZv4:30p5lCN9lSrZxHG7nLeh2dVY0R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca6468473eb3d6eb499a28996f6d616b

Files

ca6468473eb3d6eb499a28996f6d616b
.exe windows:4 windows x86 arch:x86

a2157fc55bc409b9146077c1b4782a20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
GetDesktopWindow
CharNextA
GetDC

kernel32

GetModuleHandleA
GetOEMCP
GlobalFindAtomW
GetACP
GlobalFindAtomA
lstrcmpA
GetCurrentProcess
SetLastError
GetWindowsDirectoryA
GetProcessHeap
IsDebuggerPresent
GetConsoleOutputCP
GetUserDefaultLangID
GetCurrentProcessId
GetStartupInfoA
GetCommandLineA
SetCurrentDirectoryA
GetLastError
QueryPerformanceCounter
lstrlenA
GetCurrentThread
GetVersion
GetTickCount
DeleteFileA
lstrcmpiW
MulDiv
lstrlenW
lstrcmpiA
Sleep
LoadLibraryW
GetDriveTypeA
GetCommandLineW
GetCurrentThreadId
CopyFileA
DeleteFileW
GetModuleHandleW
RemoveDirectoryA
GetThreadLocale
VirtualAlloc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ