852aa4e131cdcb1cf3a30a893a2ac7d745b8fd4de6af2764f28c453a96309263N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

852aa4e131cdcb1cf3a30a893a2ac7d745b8fd4de6af2764f28c453a96309263N
Size

21KB
MD5

2110a9f211b3da03313e19fa71c6baa0
SHA1

3abfb2ce5e6c24a2abb92693924a0d28af9ef5e5
SHA256

852aa4e131cdcb1cf3a30a893a2ac7d745b8fd4de6af2764f28c453a96309263
SHA512

49eba4302fab19ed445c6301f713caf525e9bb24e387bb424775ea83064fd7381bea3e6224a3838705c618e99a51239023f0aeb73bf021d553422ce4034e7054
SSDEEP

384:mCrq1TkYdWac3VGA/FzMGMB3hrGr70YopXuIm3SBsPYd54nwj9s17IBNWxjF:mCrmWn4A/Bgly70LzmCiPYdMwj9yX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mkw_engineering_ltd.scr

Files

852aa4e131cdcb1cf3a30a893a2ac7d745b8fd4de6af2764f28c453a96309263N
.cab
mkw_engineering_ltd.scr
.exe windows:4 windows x86 arch:x86

acab295c47731c41048e306f75795a34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

odbctrac

TraceSQLCancel
TraceSQLConnect
TraceSQLBindCol
TraceSQLFetch

ctl3d32

Ctl3dGetVer
Ctl3dRegister

kernel32

GetDateFormatW
GetCurrentDirectoryA
SleepEx
GetNumberFormatW
LoadLibraryA
GetCurrentProcess
FindResourceExA
GetConsoleAliasW
GetComputerNameA
GetAtomNameA
CloseHandle
FormatMessageA
GetSystemInfo
HeapCreate
SetEnvironmentVariableA
InterlockedExchange
CreateDirectoryA
CopyFileA
CreateMutexA
InterlockedDecrement
GetFullPathNameA
WriteProcessMemory
SetErrorMode
GetCurrentThreadId
FoldStringW
GetPrivateProfileIntA

certcli

CAEnumCertTypes
CAEnumNextCA
CADeleteCA

user32

GetWindowLongA
IsCharLowerA
LoadImageA
PeekMessageA
DialogBoxParamW
GetMessageA
wsprintfA
IsWindow
SetFocus
DrawIcon
LoadCursorA
PostMessageA
DispatchMessageA
CreateWindowExW
CharToOemA
GetWindowTextA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ