e28602d9fb5c2a4b76328e39700cd8b2198329f1ecbd98478c223231c5276c24 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e28602d9fb5c2a4b76328e39700cd8b2198329f1ecbd98478c223231c5276c24
Size

9.6MB
MD5

4beb91d46c2599c60518b3b0c2487980
SHA1

f07fcbc585576910c3e05e70d38bee4adf38d2a7
SHA256

e28602d9fb5c2a4b76328e39700cd8b2198329f1ecbd98478c223231c5276c24
SHA512

182a640e9ace14ff779d7c409ed7f54a6ac1d855f8b81bd18486eb8c1aea764d93d9dd24bf0d6775722c48f1724bcf125416de2264bbd52e8b37eda6895d3f61
SSDEEP

196608:amlAgqCT62C6sDGeW9vkfxL7iwx5ErFuvYRyC2CQsdTtF9+TN:HMhDGBcPiwxqrFWYSctF9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e28602d9fb5c2a4b76328e39700cd8b2198329f1ecbd98478c223231c5276c24

Files

e28602d9fb5c2a4b76328e39700cd8b2198329f1ecbd98478c223231c5276c24
.exe regsvr32 windows x86

874efdd5f77f75307288bab20855d170

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UpdateLayeredWindow

gdi32

GetTextExtentPoint32W

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

GetJobA

advapi32

OpenThreadToken

shell32

SHAppBarMessage

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionA

ole32

OleSetContainedObject

oleaut32

VariantClear

oledlg

ord8

urlmon

CreateURLMoniker

winmm

PlaySoundA

gdiplus

GdipGetImagePixelFormat

oleacc

LresultFromObject

imm32

ImmReleaseContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 9.6MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE