1c5a4e8d314f006e48b309cc33fcdb3bab7e20d07feebfc147a39301d95249d9[.]exe | Triage

Sharing

General

Target

1c5a4e8d314f006e48b309cc33fcdb3bab7e20d07feebfc147a39301d95249d9.exe
Size

41KB
MD5

6260eb8f66f79eb24188cd3df6994412
SHA1

e1a8e367c06644ddb8c003807d587d12ba25d724
SHA256

1c5a4e8d314f006e48b309cc33fcdb3bab7e20d07feebfc147a39301d95249d9
SHA512

b7361682db2c58a52fcc57f66ed320882a9f3919615f8c7bf0fb6d3c77332f4ae39fabb6395026e8fefaddc3b7899ab90ed18ea61385c6af01c7fab0b5488141
SSDEEP

768:WmNn7hiC8hT0zYmMUten89HuxLpxgKK3CU/OjSN:WmNn7hif0zYRUgnVJpxgKoCUdN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1c5a4e8d314f006e48b309cc33fcdb3bab7e20d07feebfc147a39301d95249d9.exe

Files

1c5a4e8d314f006e48b309cc33fcdb3bab7e20d07feebfc147a39301d95249d9.exe
.exe windows:4 windows x86 arch:x86

007768d5bac775f4025b0efc96fecfb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessA
FindResourceA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
LocalAlloc
LockResource
VirtualAllocEx
VirtualFree
VirtualProtect

user32

GetForegroundWindow
IsChild
IsIconic
IsWindow
IsWindowUnicode
IsWindowVisible
IsZoomed

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 64B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE