e545d937eea16f2621a197fae11207ad65f76a35f454dc559fe433dc5d2f7005 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e545d937eea16f2621a197fae11207ad65f76a35f454dc559fe433dc5d2f7005
Size

786KB
MD5

37f9dd0fcc4e7de74f3940c459478034
SHA1

287178a5a1a9762a942c02cbd9a7a2e0cb75edea
SHA256

e545d937eea16f2621a197fae11207ad65f76a35f454dc559fe433dc5d2f7005
SHA512

aaf9b637b1e57317499944f1941d8ff1d989e8c4cb64a42cb445518ed047652598d986ac90c41671addf61ac38fefbba3be3f495cd52ac001a8ccf611b33bb94
SSDEEP

12288:xl7tL3O5CSaOwHjVy9LHYZIVCnwmDJG1IuYUoMisbh3F5Qe/UcHnxJaN:B+w4U8L4ZDsIpUtisbhF2e/pHx0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e545d937eea16f2621a197fae11207ad65f76a35f454dc559fe433dc5d2f7005

Files

e545d937eea16f2621a197fae11207ad65f76a35f454dc559fe433dc5d2f7005
.exe windows x64

234ecae781a7845c972346b1edefdddc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 519KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE