824f68360c5cf8ed9e13c6fe00051e3950b32e8194e1301d549aad3aca28df8a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

824f68360c5cf8ed9e13c6fe00051e3950b32e8194e1301d549aad3aca28df8a
Size

9.3MB
MD5

42bdc10f7daa36843d876dd6b8980bf3
SHA1

0a4056c1bfdc4a6d9e445220a1ddbe59d441ceeb
SHA256

824f68360c5cf8ed9e13c6fe00051e3950b32e8194e1301d549aad3aca28df8a
SHA512

fe179952db31e8398ce733fed8e18c85f1a8c6cddd734bd1133c275a9f53b85b90b6e886e83f53c819691ce0a162996cbbca9e67b225191f8cf9b9b03200ba9f
SSDEEP

196608:JkSSDU8Nps/1PgvyyLmXg5/3yBZEs+uVWrzroVc1L:JI8/1YoYykvzQcl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
824f68360c5cf8ed9e13c6fe00051e3950b32e8194e1301d549aad3aca28df8a

Files

824f68360c5cf8ed9e13c6fe00051e3950b32e8194e1301d549aad3aca28df8a
.exe windows:5 windows x86

1db614cd396dbf9600010feacaf6c3a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsRectEmpty

msimg32

AlphaBlend

shlwapi

PathStripToRootA

uxtheme

CloseThemeData

winmm

PlaySoundA

gdiplus

GdipCreateFromHDC

oleacc

LresultFromObject

imm32

ImmGetContext

gdi32

GetObjectType

winspool.drv

DocumentPropertiesA

advapi32

RegCloseKey

shell32

DragQueryFileA

ole32

RevokeDragDrop

oleaut32

VariantClear

Sections

.text
Size: 9.3MB - Virtual size: 12.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE