d62304640f4b950ffd12b951325b475b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d62304640f4b950ffd12b951325b475b
Size

31KB
MD5

d62304640f4b950ffd12b951325b475b
SHA1

0013560e98931b458d47b070f60f87a6a1b6f496
SHA256

77fb9b39c5b05b58e85e12a19f7745f1e1ef894faca631321f9d0290c83e9bd4
SHA512

c4ad6eee6ae7bf63d886841de630610d58e146068e3fab095a670c3d4a9ab8800a78a5ced211d733a0b39870065b5ead273564b43cbabc4fc1888e06c75c8364
SSDEEP

768:w2/Gnrd0Alyju4yLMxcRXkbwJDVL48mTar:b/G1NL2G0bwJDV4hur

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d62304640f4b950ffd12b951325b475b

Files

d62304640f4b950ffd12b951325b475b
.exe windows:4 windows x86 arch:x86

a8338f83aab0477533436514027a4b1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleDuplicateData
CoLockObjectExternal
CoRegisterClassObject
CoFreeAllLibraries
OleDoAutoConvert
CoFreeUnusedLibraries
OleRegEnumVerbs
CoReleaseServerProcess
CoIsOle1Class
CoGetStandardMarshal

kernel32

WriteConsoleW
GetCPInfo
GetEnvironmentStrings
GetLastError
HeapCreate
GetCurrentThreadId
VirtualAlloc
lstrcpyA
SetStdHandle
SetFilePointer
FileTimeToLocalFileTime
GetSystemDirectoryA
InitializeCriticalSection
MultiByteToWideChar
SetPriorityClass
ReadFile
GetStartupInfoA
SizeofResource

gdi32

GetTextMetricsA
BitBlt
StartDocA
SelectObject
SetTextAlign
GetObjectA
StartPage
ExtTextOutA
Ellipse
Rectangle

msvcrt

rand
strcspn
memmove
free
atol
wcsncmp
_stricmp
exit
__mb_cur_max
_wcsnicmp

advapi32

LookupPrivilegeValueA
MapGenericMask
OpenServiceA
RegOpenKeyA
RegQueryValueExA
GetAce
AllocateAndInitializeSid
SetKernelObjectSecurity

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 501B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ