f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c | Triage

Sharing

General

Target

f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
Size

680KB
MD5

2cecb0c9152640692dea0afc75b787ee
SHA1

5c3c0f10f79920077f2da65b1261d56b0d424d5b
SHA256

f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
SHA512

721e913bba125a88b1cdf5ca01d2903906f67511af7f5b7bdcc75d13c0436b5c2896263dec62e749e3b8b22634b014390b7b94d456927af7762d780a82381ff2
SSDEEP

6144:Pmu6RuoJdOMDUmeNY2B8cPJKYOoWT4HQ/uMIQT0uIwtST+TVPTSAD6RVhQ18n2:uKovzUDb8WKYOd/D4uxpPGAAoi2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c

Files

f9eb4311aa4b349857f02d34a0d38cedf94e72124b22996c36c1a6f44f81972c
.exe windows:4 windows x86

41362d28d86b83592623eebc60729439

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

powrprof

SetActivePwrScheme

pdh

PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

version

GetFileVersionInfoSizeA

shfolder

SHGetFolderPathA

user32

PostQuitMessage

gdi32

GetViewportExtEx

comdlg32

ChooseColorA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

DragQueryFileA

comctl32

ImageList_GetIconSize

oledlg

ord8

ole32

CoFreeUnusedLibraries

olepro32

ord253

oleaut32

VarDateFromStr

Sections

.text
Size: 263KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE