8b3aa640f2d2554d6f204ce8c1cde340717e60632ab41d03326fe19a0380c43a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b3aa640f2d2554d6f204ce8c1cde340717e60632ab41d03326fe19a0380c43a
Size

5.1MB
MD5

b79b3bafd213235e551ec7f5053c7670
SHA1

f2104e0b4b91f02a8cbbba0ca97f3cb9e79b70f7
SHA256

8b3aa640f2d2554d6f204ce8c1cde340717e60632ab41d03326fe19a0380c43a
SHA512

bc198773db8410f44dee088d2eb82fcc95f5acf10456ad528b9814d6d12cf31e242be868d120a0011745c426f23b10189c37154a3eb23e84fbf95914b763fa16
SSDEEP

98304:3bFnWSOKi1kJaeSpsVQ8CmfBEa94UL6meFvKYDoxbDePjS/+9huhaf+U:BnW5Ki1annVRf2abcvlDsePjSy81U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b3aa640f2d2554d6f204ce8c1cde340717e60632ab41d03326fe19a0380c43a

Files

8b3aa640f2d2554d6f204ce8c1cde340717e60632ab41d03326fe19a0380c43a
.exe windows:4 windows x86

c4d1f5a193b3592633b5c924730d7a75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

LoadStringW

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance

gdi32

DeleteObject

comctl32

InitCommonControlsEx

wininet

InternetOpenA

gdiplus

GdipSetClipRegion

atl

ord42

shlwapi

PathRemoveFileSpecW

crypt32

CryptStringToBinaryW

msimg32

AlphaBlend

oleaut32

VariantTimeToSystemTime

Sections

.text
Size: 5.1MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE