ca6edd25cf60702f70bfe419072a9dac | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ca6edd25cf60702f70bfe419072a9dac
Size

128KB
MD5

ca6edd25cf60702f70bfe419072a9dac
SHA1

32dc4d8d13cfc30842c14a6515431112b98bdac4
SHA256

cfe0648fb3238469051d4ca259e668b463f3ac5d634a544aa6a568f7ea02a9f2
SHA512

23bdb3149d88f63f7d49c78169584aaa1dd7c66f3d510410c407b7e7037b28803d3589fc55db0b0de1f8b82cf2ac914627e9606a8a21ac54f0c95c4b8a03927a
SSDEEP

1536:C2auqimPSef/6a5Tz7ELwk1jvOI3tUgXRG47w1zHGXW3Hx8M9axFsV6JH3Lu5O:C3uqimKeXR+Fm+XXH7qmmHxpwffbSO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ca6edd25cf60702f70bfe419072a9dac

Files

ca6edd25cf60702f70bfe419072a9dac
.exe windows:4 windows x86 arch:x86

9bda5e3ee8bba70e3939c058ae738d31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OpenWindowStationA
GetWindowLongA
SendMessageA
ExitWindowsEx
SetThreadDesktop
GetWindowThreadProcessId
MsgWaitForMultipleObjects
CloseWindowStation
CloseDesktop
DispatchMessageA

kernel32

CreateFileA
VirtualAlloc
GetTickCount
ResetEvent
GetModuleHandleA
GetSystemTime
GetProcAddress
HeapReAlloc
GlobalUnlock
VirtualProtect

advapi32

CryptCreateHash
GetUserNameW
CryptGetHashParam
CryptHashData
RegCreateKeyExA

shlwapi

wnsprintfW
StrStrW
PathFileExistsW
wnsprintfA
StrCmpNIW
PathFindFileNameW
StrCmpNIA
wvnsprintfA

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 253B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE