cab8ebad73cc42bdc338f90f42cf693d | Triage

Sharing

General

Target

cab8ebad73cc42bdc338f90f42cf693d
Size

328KB
MD5

cab8ebad73cc42bdc338f90f42cf693d
SHA1

8e520c431e8086863977ebf0109b5bc09c080218
SHA256

0d890568edee5323ccaebe014eec0ac0efa6a7346817445cc92c2b01b8db80b8
SHA512

0217cb4325b5fcb48208baaef81436dfa30fc7523468bcddc802fd6600a55dbf9eb5bc14fa8cae44474309035d4c468ba93de3d0a79f86f3e0b55542508baf9e
SSDEEP

6144:RIO1vldJgCEkwIrjs60wf66ofmryxq0X:Vhln2kwI3s60wf6vIeq6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cab8ebad73cc42bdc338f90f42cf693d

Files

cab8ebad73cc42bdc338f90f42cf693d
.exe windows:4 windows x86 arch:x86

2897449464850ef46ccb2c891add1879

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
SetEvent
CreateMutexA
GetComputerNameA
Sleep
CreateSemaphoreA
SetLastError
CloseHandle
GetCommandLineA
GetLastError
GetModuleHandleA
TlsGetValue
GetBinaryTypeA
DeleteCriticalSection
GetExitCodeProcess
ReleaseMutex
VirtualProtect
FreeConsole
GetTickCount
SearchPathA

shell32

SHGetMalloc
SHGetDiskFreeSpaceA
ShellMessageBoxA
SHAlloc
SHGetSettings
SheGetDirA
SheChangeDirA
DragQueryPoint
DragAcceptFiles
DragFinish
SHGetNewLinkInfo
SHFree
ShellAboutA
DragQueryFileA

loghours

DialinHoursDialogEx
LogonScheduleDialog
DirSyncScheduleDialog
DialinHoursDialog
DirSyncScheduleDialogEx

advapi32

RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ