e1f20a8ba028d6bc666f4bb57cb1045b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1f20a8ba028d6bc666f4bb57cb1045b
Size

111KB
MD5

e1f20a8ba028d6bc666f4bb57cb1045b
SHA1

2706d23bb3b6766356d412d0f78a81735264e550
SHA256

bdc094a5f5f6766f8750188faf736cbb4172bdabede9ccd5f048beb348f1e0e5
SHA512

8bfbfef6b2837200420ebeecb2354a61c62f828b6add32b9fe94bbc1a6a8061de5739bd800a7ea4cacafb24bad85cf463d11ddcf0d0288cf748b511ce40e102a
SSDEEP

1536:8gf4HbZiynxzAR7jfEOQf36R6RTvpyVZpIx86wmVatoi6sdGTaWr3EilnBl5QUZF:FyNA5jfrQfuwyVsx4mVatoi6GRwnmUn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1f20a8ba028d6bc666f4bb57cb1045b

Files

e1f20a8ba028d6bc666f4bb57cb1045b
.exe windows:4 windows x86 arch:x86

ced34bc638e657690c17810fb1af675f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessInternalW
GetCurrentProcessId
lstrcmpA
GetACP
GetUserDefaultLangID
IsDBCSLeadByte
GetCommandLineA
VirtualAlloc
GetSystemDefaultLCID
TlsFree
GetLogicalDrives
GetModuleFileNameA
lstrcatA
GetDriveTypeW
GetCurrentThread
TlsSetValue
GetModuleHandleW
TlsGetValue
GetOEMCP
GetCurrentThreadId
FreeLibrary

user32

GetActiveWindow
GetWindowLongA
GetDC
UpdateWindow
IsWindowVisible
GetClassLongA
ShowWindow
GetWindowTextLengthA
GetFocus
GetForegroundWindow
IsIconic
CloseWindow
GetWindowDC
GetSystemMetrics
RegisterClassA
GetWindowTextA
GetWindow
ReleaseDC
BeginPaint

imagehlp

CheckSumMappedFile
FindFileInPath
FindDebugInfoFile
BindImage
ImageLoad
ImageNtHeader

sxs

CreateAssemblyCache
SxsInstallW
CreateAssemblyNameObject
SxsLookupClrGuid

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 581B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ