41c99249e833917cd7df2ed96be2d90db6d0972eaec36d82fb61313d26950d3d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41c99249e833917cd7df2ed96be2d90db6d0972eaec36d82fb61313d26950d3d
Size

41KB
MD5

8c72b143ed3c77d86c7e3fa74dbf5d7c
SHA1

56962a9865f657421a3c79c3e76cdd85a5e44450
SHA256

41c99249e833917cd7df2ed96be2d90db6d0972eaec36d82fb61313d26950d3d
SHA512

620914349a8f6220b5109500a7b8ddfc88091cf703596bb85c587fe6ce4b1683c73eedf1dfbf85914d2805af6bf0d7cebba01f40311253db7852f7be67fc4dc6
SSDEEP

768:31BnKW9xXFF0hpM8OXRXiC/A+w+8m831T3CU/OjSN:FZKW9xXk7+liwh8m831zCUdN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41c99249e833917cd7df2ed96be2d90db6d0972eaec36d82fb61313d26950d3d

Files

41c99249e833917cd7df2ed96be2d90db6d0972eaec36d82fb61313d26950d3d
.exe windows:4 windows x86 arch:x86

007768d5bac775f4025b0efc96fecfb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateProcessA
FindResourceA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryA
LoadResource
LocalAlloc
LockResource
VirtualAllocEx
VirtualFree
VirtualProtect

user32

GetForegroundWindow
IsChild
IsIconic
IsWindow
IsWindowUnicode
IsWindowVisible
IsZoomed

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 64B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE