df18c089940f4c8cf2a22110b653cf38 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df18c089940f4c8cf2a22110b653cf38
Size

65KB
MD5

df18c089940f4c8cf2a22110b653cf38
SHA1

35aeefaf76b4178ecbf47822048ff4a6211f9c28
SHA256

0f611f29ffdc98f589de0dfa2c58cf33e44aa96ca045559ff2ca5be3351c0973
SHA512

1cd1e3e6732cc6e9f53d67d8b68fc27d3399e997a044ad49c90b8735c5b528559527111bd28c7b428d7579638c8f2c727f3cd9fbb106a9e2eee888b142b7b102
SSDEEP

1536:PPZ54PTmnsg9YCVynJhf9kyuxTlQRtc10+7EtLJF:g0FPmzDdp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df18c089940f4c8cf2a22110b653cf38

Files

df18c089940f4c8cf2a22110b653cf38
.exe windows:4 windows x86 arch:x86

458d5c597def0d5e6f1944b99861ca19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WaitForSingleObject
GetFileAttributesA
LeaveCriticalSection
FindNextFileW
HeapAlloc
VirtualAlloc
VirtualProtect
HeapFree
GlobalUnlock
ExpandEnvironmentStringsW
lstrcpyA
GetVersionExW
lstrcmpiW
CreateThread
CreateFileA
lstrcatA
SetFilePointer
GetProcAddress
ResetEvent
MultiByteToWideChar
MulDiv

user32

ToUnicode
GetWindowThreadProcessId
DrawIcon
GetKeyboardState
ExitWindowsEx
SendMessageA
GetDlgItemTextA
GetMessageA
GetForegroundWindow
CloseDesktop
FindWindowExA
PeekMessageA
GetCursorPos
MsgWaitForMultipleObjects
SetThreadDesktop
CharLowerBuffA
GetIconInfo
GetWindowTextA
SetProcessWindowStation
GetClassNameA

shlwapi

wnsprintfA
wvnsprintfW
PathRemoveFileSpecW
StrCmpNIW
PathFindFileNameW
StrStrW
SHDeleteKeyA
wvnsprintfA
PathMatchSpecW
wnsprintfW
StrCmpNIA
PathFileExistsW

advapi32

RegDeleteValueA
DuplicateTokenEx
CryptCreateHash
CryptGetHashParam
CryptHashData
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCloseKey
CryptDestroyHash

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE