dee7689cdee44579f38d253912fecb088d32f2492fce467911d52eb554783dd6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dee7689cdee44579f38d253912fecb088d32f2492fce467911d52eb554783dd6
Size

2.2MB
MD5

b0f9027e644362c58cc6d09f33637d10
SHA1

f51c0b64c3391c2864773b613d32118d7072d133
SHA256

dee7689cdee44579f38d253912fecb088d32f2492fce467911d52eb554783dd6
SHA512

441a2751712d1f15db359a68c13acdb6e090c9f0797ba27535590e1c0c430328ed17685207a9d5407ef86da41534eac6463a9bb4b11b2f813307ef22d8cbee1b
SSDEEP

49152:f9AAXlnoPu2QxYLcI6JWPuIo5J3pD7guLNx5M:femn0fG/sWsg72

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dee7689cdee44579f38d253912fecb088d32f2492fce467911d52eb554783dd6

Files

dee7689cdee44579f38d253912fecb088d32f2492fce467911d52eb554783dd6
.exe windows:4 windows x86

bd217368bd74bbf529521ce94ae81720

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource

kernel32

CloseHandle

netapi32

Netbios

gdi32

BitBlt

user32

EnumThreadWindows

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

shell32

SHGetFolderPathW

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 821KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ