cfa96870e62c36194baa54ab0a397ebb02c624fd7a09b3a5bff34c872f57a773 | Triage

Sharing

General

Target

cfa96870e62c36194baa54ab0a397ebb02c624fd7a09b3a5bff34c872f57a773
Size

768KB
MD5

e6f954e7fff6731d1cf0348cec7f92d4
SHA1

bc8cf38336635bbc6fdef1068268721f252f893c
SHA256

cfa96870e62c36194baa54ab0a397ebb02c624fd7a09b3a5bff34c872f57a773
SHA512

29c6adefd0e6095c13726ba6d3d850ba71a0bf9db030ffdbfdc81738203ce82a79a0a6dfb8b62cab7a2149d85ed1b931a07c455e0f0ca9e98486d8ff6574ef83
SSDEEP

12288:FhSbYALcBSs+j9iuBZGjdvLr5KpTTXu1BDkvLQcoWwJ2tf03fQcqKgBHMMvNIfmu:FpAi+j9iyuJKp3oB4vLQcZwZpqKgJOmK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfa96870e62c36194baa54ab0a397ebb02c624fd7a09b3a5bff34c872f57a773

Files

cfa96870e62c36194baa54ab0a397ebb02c624fd7a09b3a5bff34c872f57a773
.exe windows:6 windows x86

a0ce46cf572a5f5070fa90e5e9cd25df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winhttp

WinHttpOpenRequest

winspool.drv

ClosePrinter

uxtheme

GetThemeSysColor

advapi32

RegOpenKeyExW

shell32

DragQueryFileW

gdi32

SetPaletteEntries

shlwapi

StrFormatKBSizeW

gdiplus

GdipAlloc

msimg32

AlphaBlend

user32

GetMenuItemCount

ole32

CoDisconnectObject

oleaut32

VariantCopy

oleacc

LresultFromObject

imm32

ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 714KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE