Static task
static1
Behavioral task
behavioral1
Sample
4952459d8b31932bac0bea742d88882e827d09ec475fbdf3911437afaeaf1f80N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4952459d8b31932bac0bea742d88882e827d09ec475fbdf3911437afaeaf1f80N.exe
Resource
win10v2004-20240802-en
General
-
Target
4952459d8b31932bac0bea742d88882e827d09ec475fbdf3911437afaeaf1f80N
-
Size
55KB
-
MD5
3d49d74d44510ca48f8581e098416a30
-
SHA1
c3e4638a313a5eb9b466ecaccfce0dae09260875
-
SHA256
4952459d8b31932bac0bea742d88882e827d09ec475fbdf3911437afaeaf1f80
-
SHA512
856d2e1de0eec8038e99816d20ff1322dbb974fc33d00a62befe383bec7680240619a0a7fefaa6de8500a1cb03e9b4be07a191a542cc98d02acb2d239556c41f
-
SSDEEP
768:1L2FXSC0nlArw+hewvHJSNsN17iLFJ8rI4iEyHLqsHTWu2jKpUnJnotsYMZ2IOzN:9uXSCYyvd0+jWZJ7RrqsHaayJ8hvN
Malware Config
Signatures
-
Unsigned PE 1 IoCs
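The sandbox checked the sample for an Authenticode signature and found none. On its own this is a weak indicator, since many legitimate executables are also unsigned.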
resource 4952459d8b31932bac0bea742d88882e827d09ec475fbdf3911437afaeaf1f80N
Files
-
4952459d8b31932bac0bea742d88882e827d09ec475fbdf3911437afaeaf1f80N.exe windows:1 windows x86 arch:x86
b9034dcb326b2dae9d49504be2e41657
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
RtlUnwind
user32
GetActiveWindow
MessageBoxA
comdlg32
GetOpenFileNameA
crtdll
_iob
_itoa
__GetMainArgs
_strnicmp
abort
exit
fclose
fgetc
fopen
fputc
fputs
fwrite
localeconv
memcmp
memcpy
memmove
memset
pow
raise
signal
strcat
strchr
strncmp
strtol
wcslen
wctomb
Sections
.text Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 88B - Virtual size: 88B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE