eb679bd769da56cb2718194686bee43b97fd61f4099d24b73a707c2b9d955036 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eb679bd769da56cb2718194686bee43b97fd61f4099d24b73a707c2b9d955036
Size

2.2MB
MD5

51b3cd31d0e37a77179b0b5d0ea15d84
SHA1

6f99497b3f89b3773bb27c6fbe8873a6090e8ff4
SHA256

eb679bd769da56cb2718194686bee43b97fd61f4099d24b73a707c2b9d955036
SHA512

dba0a3e7c17aff661711c253706edcef20c2c532b832f0e6548824fee9503b00dd325b5b4d71b524415bae9f289607b5ebb047545c19eb4367c917aad122b809
SSDEEP

49152:HN4XPdUtymq6W+Qsh5d8H4vnwlriv5rZqlhAqm8ZfQ:Hm/dG5qGQ8d9vnkiv+ZfQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eb679bd769da56cb2718194686bee43b97fd61f4099d24b73a707c2b9d955036

Files

eb679bd769da56cb2718194686bee43b97fd61f4099d24b73a707c2b9d955036
.exe windows x86

74340ede4512282434da6db55311770f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

borlndmm

@Borlndmm@SysGetMem$qqri

version

VerQueryValueA

gdi32

UpdateColors

ole32

CoTaskMemFree

comctl32

ImageList_GetImageInfo

shell32

Shell_NotifyIconA

comdlg32

GetSaveFileNameA

wsock32

WSACleanup

winmm

PlaySoundA

msvcrt

_ftol

setupapi

SetupDiGetDeviceRegistryPropertyA

Sections

CODE
Size: 2.2MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE