ets2(x64)v11921s+6tr[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ets2(x64)v11921s+6tr.exe
Size

2.0MB
MD5

c95ef01bbe025ae705fc60dc273aa27a
SHA1

e26dce4a473114f657d38b13216ff14790459d19
SHA256

0df1adb7946f4829faa16746c7cbb6295c99075debd710abf309dc7ece757539
SHA512

3b2cc93b5f1458da66c83378b8b5c2a507707e163724dc46c3b65fd10f1199f5e955878a00f9d364106a448be1f97c91f304ca8a5db4f285a34482224b14ab56
SSDEEP

49152:cx1OszmhtbROiEQQyjINCzxAg4pEM4dYQzgytK7cgA1:cx1zmhtF+B+Kg4b4dvzgnc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ets2(x64)v11921s+6tr.exe

Files

ets2(x64)v11921s+6tr.exe
.exe windows x64

f68dd12aaa399a36be4858dcdc118e19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

oleaut32

SysFreeString

advapi32

RegCloseKey

user32

CharNextW

gdi32

Pie

version

VerQueryValueW

ole32

IsEqualGUID

comctl32

ImageList_Add

msvcrt

memset

shell32

Shell_NotifyIconW

winspool.drv

OpenPrinterW

winmm

PlaySoundW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 1.8MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE