e0e8fd38fa63642d13a4f4489e525ad2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0e8fd38fa63642d13a4f4489e525ad2
Size

53KB
MD5

e0e8fd38fa63642d13a4f4489e525ad2
SHA1

23926e0d1dbc58fa3b59ee8c27d8bc98e6b42b0d
SHA256

1e58308d98cee26802278f1112f4a5ee0f0d0d9fb7759f8ca85829d7a98771d6
SHA512

a257b0aaec4b6c718efaf708ba355dbecc84c9e5506e1b81ab2d93ff59a29da38ddaa8c65a067c918def33e951fe218369fab253dc38daba12338b2ad38df04a
SSDEEP

1536:3+HSTw7futpAGmNJ95LD+0LsD3egiLx/:gswigdVoD3egiLx/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0e8fd38fa63642d13a4f4489e525ad2

Files

e0e8fd38fa63642d13a4f4489e525ad2
.exe windows:5 windows x86 arch:x86

fc3ed4ad3c32ac7e3dc1d7c6e81c1463

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext

kernel32

lstrlenW

shlwapi

PathCombineW
PathFindFileNameW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
wnsprintfW
wvnsprintfA
wvnsprintfW

user32

FindWindowExA
GetClipboardData
GetKeyboardState
GetWindowThreadProcessId
LoadCursorA
OpenDesktopA
PeekMessageA
SendMessageA
SetProcessWindowStation
ToUnicode

Sections

.zcl
Size: 43KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ruh
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rkx
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ