ca64ffdb5ba5d6a1a577f7475864fced | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca64ffdb5ba5d6a1a577f7475864fced
Size

151KB
MD5

ca64ffdb5ba5d6a1a577f7475864fced
SHA1

96fbebeea76e3d183bdced3c9b970356dca1cdf7
SHA256

e0e956dcb4256c73a06c0e919de40c377656bff31be758562f2cbd4e0321eded
SHA512

9df42e6753e1082dfb44d4c8259c1321e50fc696874e004bd2a7da5c96120eac8f7f14efcd97534fb05080bfe6ee044611042ee12d8b956c516ae81e96fbb196
SSDEEP

3072:aNFSL8oVcIZjIbDJlSaSYqSAS9DivyhgbS5qMvzDjZE+w:mFSg6c+8PzF7b9DiaWOjvz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca64ffdb5ba5d6a1a577f7475864fced

Files

ca64ffdb5ba5d6a1a577f7475864fced
.exe windows:4 windows x86 arch:x86

eb6595aba63323d0750d670cf21851b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetDesktopFolder
Shell_NotifyIconA
SHFileOperationA

kernel32

MulDiv
LoadLibraryA
ExitProcess
VirtualAlloc
LocalFree
LocalAlloc
LocalReAlloc

user32

FillRect
GetWindowTextLengthA
GetMenu
EnumChildWindows
CreateMenu
IsWindow
FindWindowA
LoadIconA
LoadBitmapA

shlwapi

SHGetValueA
PathIsContentTypeA
SHDeleteValueA
SHQueryInfoKeyA
SHStrDupA
PathFileExistsA

Exports

Exports

g3AsDU707FZ@24
_NP53I69h4mroO@20
zJnEK0E@20
eYYJa@4
xTYPJjaXtB@20
_E9_wOZ
_0tr4_xe9e@20

Sections

CODE
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 829B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.itdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ