5604cf295674db925f43132ac590fa6527b81175f46a6c874e185502d772aad1 | Triage

Sharing

General

Target

5604cf295674db925f43132ac590fa6527b81175f46a6c874e185502d772aad1
Size

15KB
MD5

49e6a2ee90c11623135f2bb4cba3d9b5
SHA1

9137980198aabbf5f15685b3fc88b1c6b85ea1aa
SHA256

5604cf295674db925f43132ac590fa6527b81175f46a6c874e185502d772aad1
SHA512

23fb6311910fa55a3bc3fd97896e115c72975a926462ab5cd2334e15a95c8d30c0b33a4a27462fdcca2b350d15a261b290190c37fa9f29a799eca471a5b1b1c1
SSDEEP

192:4co1MmuocMdTzwz71tXbUz71tXbE9E37dVNSjDTB4L:4ThcMdIrbsrbE9E3xVNSj6L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5604cf295674db925f43132ac590fa6527b81175f46a6c874e185502d772aad1

Files

5604cf295674db925f43132ac590fa6527b81175f46a6c874e185502d772aad1
.exe windows:4 windows x86 arch:x86

952eccfa3e0f65648886e6dda6cf5d4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetVersionExA
GetWindowsDirectoryA
GetProcessHeap
HeapAlloc
HeapFree
LoadResource
LockResource
FindResourceA
GetModuleFileNameA
SetCurrentDirectoryA
SizeofResource
CopyFileA
lstrcatA
lstrcmpA
lstrcpyA
lstrcpynA
lstrlenA
GetCommandLineA
CreateProcessA
ExitProcess
DeleteFileA
MoveFileExA
RemoveDirectoryA
WritePrivateProfileStringA

user32

MessageBoxA
wsprintfA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

InitCommonControls

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE