e203f2d0fdefa79006f367cb09170f78 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e203f2d0fdefa79006f367cb09170f78
Size

188KB
MD5

e203f2d0fdefa79006f367cb09170f78
SHA1

83d7b56e31f202673b31b7ad56aebf2154e4da83
SHA256

52bb9fb4f8213940378b5b554a45d8d288d1f817427295e4da86a8554b807161
SHA512

03028696aace4653feebbb61f99b51b79324a14ad60eecc96c60ab52ba7745ad2c52cc57188767304eb9a63173eb24d8d4c8eb9434300a352d9418b88a2fd71f
SSDEEP

3072:A8shAiLX/KQBy1pEgNMcrT/nxOvIUswpOwQFICYrmveay8m/c+TYQQmrHkK/:7nCXvByXEgNFrrQzpOwkvOBrYQQ2x/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e203f2d0fdefa79006f367cb09170f78

Files

e203f2d0fdefa79006f367cb09170f78
.exe windows:5 windows x86 arch:x86

65f1779b686361b65fa2914474ac66e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\duukEjqePX\tebjnMurqSN\hdpqDVVttABxsx\tkHZOlVN.pdb

Imports

kernel32

SetCurrentDirectoryA
EnumResourceTypesA
GetFileInformationByHandle
FlushFileBuffers
WaitForSingleObjectEx
EnumSystemLocalesA
HeapAlloc

shlwapi

PathUnquoteSpacesW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

user32

GetForegroundWindow
MessageBoxW
KillTimer
CheckRadioButton

ntdll

RtlCaptureContext

Exports

Exports

?InsertCustomData@@YGKXZ

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ