7684cc428a06a39b04bcb7e8294e26a4c18ee1948b70979c8874a97a37ed2615 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7684cc428a06a39b04bcb7e8294e26a4c18ee1948b70979c8874a97a37ed2615
Size

1.3MB
MD5

abb6228e64c1b1c42708d91737a96a6a
SHA1

2043253c5e5273727c85f6c7a71045de843ebff7
SHA256

7684cc428a06a39b04bcb7e8294e26a4c18ee1948b70979c8874a97a37ed2615
SHA512

9139c07fcdd5ea2731048dff60472f826b7e0bed34be568ba10fd17a5149fabb7659d53a19f28c38a5abef8de3225c3dd71ee958d653286e439f273fb346761c
SSDEEP

24576:wMGr8Dnix24ONK6i56LTrJ6cipFU4AkEhN5tYdNrTCKMlRtvzV9NpPyoE4j:wRtov8FcMmadNfmRlgw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7684cc428a06a39b04bcb7e8294e26a4c18ee1948b70979c8874a97a37ed2615

Files

7684cc428a06a39b04bcb7e8294e26a4c18ee1948b70979c8874a97a37ed2615
.exe windows:5 windows x64

c57e4f526395288c8406444b38b1e657

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

shlwapi

StrStrA

user32

GetDC

gdi32

BitBlt

advapi32

FreeSid

shell32

SHChangeNotify

oleaut32

OleLoadPicture

version

VerQueryValueW

setupapi

CM_Get_Parent

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.MPRESS1
Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE