64e99a852bdbb2cdf28b247545b1edea6b6e2acd9e529c404cd36c4814f91df4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64e99a852bdbb2cdf28b247545b1edea6b6e2acd9e529c404cd36c4814f91df4
Size

171KB
MD5

18b2cec0abd48b6e297e55b0e1807b32
SHA1

2da1ecc58e673682f87fc8f2cdb657c50144b179
SHA256

64e99a852bdbb2cdf28b247545b1edea6b6e2acd9e529c404cd36c4814f91df4
SHA512

ec1141473bd45b156dcba5287ff9a8546f273a3623dc7999c2149f3869b70fd4ba905a83f4926c978a85015d966df88223feac0537e9fa647f5ade551edd2546
SSDEEP

1536:s9SsmEuUQ0/Siir+jJuCGEvkznmP+upxEJcoLN4LZ8BSaPXDeN:uT/NbGEv8mWupxEKoBuiB/XDU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64e99a852bdbb2cdf28b247545b1edea6b6e2acd9e529c404cd36c4814f91df4

Files

64e99a852bdbb2cdf28b247545b1edea6b6e2acd9e529c404cd36c4814f91df4
.exe windows:4 windows x86 arch:x86

b52f1898b4b003f762f5b9c03e005e8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA
MessageBoxA
GetClassNameA
IsWindowVisible
GetAsyncKeyState
GetWindow
GetWindowThreadProcessId

kernel32

ReadFile
LCMapStringA
LoadLibraryA
FreeLibrary
Sleep
GetLocalTime
GetStartupInfoA
CreateProcessA
OpenProcess
GetModuleHandleA
GetProcAddress
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
CloseHandle
WaitForSingleObject
GetExitCodeThread
VirtualProtectEx
WriteProcessMemory
CreateToolhelp32Snapshot
Module32First
CreateThread
OpenEventA
CreateEventA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
WriteFile
GetFileSize
CreateFileA
MoveFileA
DeleteFileA

msvcrt

malloc
_CIfmod
_CIpow
strchr
realloc
memmove
__CxxFrameHandler
sprintf
strncpy
atoi
??3@YAXPAX@Z
strncmp
??2@YAPAXI@Z
modf
_ftol
free

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ