ce9d1162748391d3058a4b0f2f57271f25865006fd0914b324a3e5d737a1dc64 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce9d1162748391d3058a4b0f2f57271f25865006fd0914b324a3e5d737a1dc64
Size

7.8MB
MD5

4f6fd7b6913168061cde6f1543bd97ff
SHA1

68bef337c5f9165b46a3087d08bf67b959f19b7d
SHA256

ce9d1162748391d3058a4b0f2f57271f25865006fd0914b324a3e5d737a1dc64
SHA512

556b9cfbfcd73d0262c180fefcffa3c2e833a3872634703583fdd4b8507daf9fddb89f658617637ac0121daf0d826e828b63baac3ba41a3d31ee0d6daa4be01b
SSDEEP

196608:Nd1CQEZxTdfL8g9hStukMEgAYMjnwfBzHRY18lDBM:Ni1TTF8g9E2pUD8jRY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce9d1162748391d3058a4b0f2f57271f25865006fd0914b324a3e5d737a1dc64

Files

ce9d1162748391d3058a4b0f2f57271f25865006fd0914b324a3e5d737a1dc64
.exe windows:5 windows x86

521d9b386a8887d67c2d39bb4f1caa63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

RegisterClassA

gdi32

CreateSolidBrush

msimg32

AlphaBlend

comdlg32

GetFileTitleA

winspool.drv

GetJobA

advapi32

OpenThreadToken

shell32

SHAppBarMessage

comctl32

ImageList_AddMasked

shlwapi

PathRemoveExtensionA

ole32

OleSetContainedObject

oleaut32

SafeArrayDestroy

oledlg

ord4

oleacc

LresultFromObject

gdiplus

GdipCreateBitmapFromStream

imm32

ImmGetOpenStatus

winmm

PlaySoundA

Sections

.text
Size: 7.8MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE