df0a07b4ec80861852142e1125476f6e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

df0a07b4ec80861852142e1125476f6e
Size

5KB
MD5

df0a07b4ec80861852142e1125476f6e
SHA1

50cac6882021282a998c8942cb674100352a6707
SHA256

721fa006005b715b96bc0365b92d8227109a2b94df2b92d296b5ca21e17eb9d5
SHA512

580c8efecb36fe42932126fa834d14470a71809eb94f4cae7880cb6c0df6040388b4a59ae4e8a7fd9b0b224533515d90c19cb0850f8759a5d102f70216f71cfc
SSDEEP

48:CAVFKZA6oPJykmwVhxDOg/Dqxorwrr4r82chQv91WiIZpNDQZ8NcgKwhBdv2MQG:pzRLVrTEVq82t9M3ppXL/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df0a07b4ec80861852142e1125476f6e

Files

df0a07b4ec80861852142e1125476f6e
.exe windows:4 windows x86 arch:x86

49e9373dd714a3337a9d2903682b9ab9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateEventA
GetCurrentProcessId
lstrcatA
SetEvent
GetProcessHeap
HeapFree
lstrcpyA
CompareStringA
CreateToolhelp32Snapshot
Process32First
Process32Next
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
CreateProcessA

user32

AnyPopup
IsWindow
GetWindowTextLengthA
wsprintfA
GetParent
GetWindowRect

shell32

SHGetFolderPathA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE