8f5334400a086e02928a5621dcb239001963980435105f2c8ca237813a55022bN | Triage

Sharing

General

Target

8f5334400a086e02928a5621dcb239001963980435105f2c8ca237813a55022bN
Size

62KB
MD5

f88f7ac30f96a6b8db13a9ace23b1150
SHA1

0b6584cb9148b9c9ed7683207d7d730e7ce3f76e
SHA256

8f5334400a086e02928a5621dcb239001963980435105f2c8ca237813a55022b
SHA512

85604c85cb1b78e45d34baa75cbcd718d0797bae410df59cdc15f18c1559c295506a6e61d8d3b3dd5587326b2c6c1f8c1f062407cf4c3896fae5ca13968b210f
SSDEEP

1536:lYgX+YKSELfDJEG4rhBv9cgxgut+JgY8:O4+dSEfNEbrv9Tt+Jgn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f5334400a086e02928a5621dcb239001963980435105f2c8ca237813a55022bN

Files

8f5334400a086e02928a5621dcb239001963980435105f2c8ca237813a55022bN
.exe windows:4 windows x86 arch:x86

4dd745d508216a42c379adf81f1752e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
VirtualProtect
VirtualAlloc
HeapAlloc
GetModuleHandleA
WideCharToMultiByte
CloseHandle
UnmapViewOfFile
CreateProcessW
GetCommandLineA
HeapReAlloc
GetEnvironmentVariableW
lstrcpyA
TryEnterCriticalSection
lstrcmpiW
GetFileAttributesW
ResetEvent
CreateFileA
OpenMutexW
GetSystemTimeAsFileTime

advapi32

RegQueryValueExA
DuplicateTokenEx
CryptReleaseContext
CryptGetHashParam
RegCloseKey
CryptHashData
CryptCreateHash
RegCreateKeyExA
RegEnumKeyExA
GetUserNameW
RegSetValueExA

user32

GetWindowTextA
PeekMessageA
ToUnicode
CloseDesktop
DrawIcon
SetThreadDesktop
SendMessageA
OpenWindowStationA
LoadCursorA
GetDlgItemTextA
GetClassNameA
OpenDesktopA
GetCursorPos

shlwapi

SHDeleteKeyA
PathFileExistsW
wnsprintfW
StrCmpNIW
wnsprintfA
wvnsprintfW
PathCombineW
wvnsprintfA
StrCmpNIA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE