cbcde1bbb728cb023016839d1ad7365c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cbcde1bbb728cb023016839d1ad7365c
Size

572KB
MD5

cbcde1bbb728cb023016839d1ad7365c
SHA1

ac326606ac2da070a412936343172c7fd262ab12
SHA256

21ebc31373835a97d9e5a9bf0d0ba6551d08982ca5ed569d498b952251994a87
SHA512

9ee53054ab7bb56896082d496db88ee29f932d52aec972eb779cd4ab9e475a21c3618f7739d9704a8cc4335fdd9d740375dece9d37ba8cbde836b086a6c59c15
SSDEEP

12288:vUER30+G8XrbqJS+qYom8qJL+BKuraR4HHkCk545nPpWMt:vUER0+GarmJS+qj4L+BBa/5apWMt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbcde1bbb728cb023016839d1ad7365c

Files

cbcde1bbb728cb023016839d1ad7365c
.exe windows:4 windows x86 arch:x86

cec2af10592bb649b0e400f4d6df3397

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetLastError
GetModuleHandleA
GetStartupInfoA
ExitProcess
HeapSize
DeleteTimerQueue
ResumeThread
CloseHandle
ReleaseMutex
lstrcmpiA
AddAtomA
GetPrivateProfileStringA
IsValidCodePage
DeleteCriticalSection
GetDriveTypeA
GetTickCount
SetEvent
GetTempPathA
CreateHardLinkA
HeapDestroy

advapi32

GetFileSecurityA
RegCloseKey
OpenEventLogA
AccessCheck
RegLoadKeyA
GetSecurityInfo
LsaSetSecret
LsaClose
IsWellKnownSid
RegCreateKeyExA
RegEnumValueA
CloseTrace
FreeSid
IsValidSid
CloseEventLog
LsaFreeMemory
RegQueryValueExA
RegEnumKeyExA

apphelp

ApphelpCheckIME
SdbFindFirstTag
SdbFindNextTag
SdbFreeFlagInfo
ApphelpShowDialog

user32

CreateWindowExA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE