fefd25971f1bb13e5d65287968ac28f889e4ad28c396e647b95a2d2cddab63b9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fefd25971f1bb13e5d65287968ac28f889e4ad28c396e647b95a2d2cddab63b9
Size

173KB
MD5

cabe6b1a89c8b5b54aa8af529e51988b
SHA1

94266f2dfc749e1313352e8f24f3262314cd8c64
SHA256

fefd25971f1bb13e5d65287968ac28f889e4ad28c396e647b95a2d2cddab63b9
SHA512

5acb99a45f8b5b1277b29c3479d78d978a7362e616e9b5e23b657bc5359ae77d55edd23a5d58e896d861e9d3d3f7dcccccedf8289f2fdf977c18a2b04a0d8763
SSDEEP

3072:ybf31g1UmfeNgEsYaLDL6PuGrdrUp1pyjE0rASnWNRlqU0BcYEfGAeuISKydYt:yT21UmfeNFsYaLzGxU1UjDVWNRlqUSxK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fefd25971f1bb13e5d65287968ac28f889e4ad28c396e647b95a2d2cddab63b9

Files

fefd25971f1bb13e5d65287968ac28f889e4ad28c396e647b95a2d2cddab63b9
.dll windows x86

25c60a12b6a13998325851ab78713d18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetWindowThreadProcessId

gdi32

CreateFontIndirectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

ExtractIconA

shlwapi

PathFindExtensionA

ole32

ReleaseStgMedium

oleaut32

SafeArrayDestroyData

guide_play

ord13

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 166KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE