Static task
static1
Behavioral task
behavioral1
Sample
d445e19123e5b9719a458f78c7b382a0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d445e19123e5b9719a458f78c7b382a0.exe
Resource
win10v2004-20240226-en
General
Target
d445e19123e5b9719a458f78c7b382a0
Size
7KB
MD5
d445e19123e5b9719a458f78c7b382a0
SHA1
b73bb14928b81893bdb9a86ff35776f7500359d0
SHA256
94d01e93f05c5599816a16560b1e6207b9830e4d30556c9cf3ec6a11ba826441
SHA512
239f02a2c8b47f904b65abbed74f1dfd7df5b678d8dca9803a5268f612a15796df08f9593932e78794e44b6e53a93768748c4704233eec2f79e3870d8aca5a51
SSDEEP
96:qMBBeJ4PPxRelqf49arPW1qral8qvstDLE3VSgWlfq7t:qMHeJ+PxRcJarXra6qvoLE3VYlfq7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d445e19123e5b9719a458f78c7b382a0
Files
d445e19123e5b9719a458f78c7b382a0.exe windows:4 windows x86 arch:x86
7dcf827d7b0db0eb3a28109e3a312411
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
memcpy
strstr
NtQueryInformationProcess
RtlZeroMemory
shlwapi
PathFileExistsA
psapi
GetProcessImageFileNameA
kernel32
lstrlenA
lstrcpyA
lstrcmpiA
lstrcatA
OpenProcess
LoadLibraryA
CloseHandle
CreateMutexA
ExitProcess
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
user32
UpdateWindow
TranslateMessage
CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
GetMessageA
LoadCursorA
PostQuitMessage
RegisterClassExA
SetTimer
ShowWindow
advapi32
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ