Sample: fed371404e49ca8107b497a8c2e260f0_exe32.exe
Resource: win7-20230831-en
General
Target: fed371404e49ca8107b497a8c2e260f0_exe32.exe
Size: 333KB
MD5: fed371404e49ca8107b497a8c2e260f0
SHA1: 9765913cfd8e54ca94c344919a84f09f8551fe16
SHA256: 663dad6ce9796678d8d4ffccc91f9e6c2cd8ff0b03d9eb3506c8f207e0a5ff41
SHA512: 68013584a4f0e5c320917054f132c628459be5b56f1ffc3a314d943104072d2ccda273ff84dfde27981fc320a846adfd42ae8aa0938fea600618206876ad635f
SSDEEP: 6144:asgDYs7ivUxR3JyVVVhmb9ObGT4F53eRFM/O17x0M7unOuO5LvxkKA:asgESlJyrTI9O8aYR717x0M7/o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fed371404e49ca8107b497a8c2e260f0_exe32.exe
Files
fed371404e49ca8107b497a8c2e260f0_exe32.exe.exe windows:5 windows x86
a47ce5d99cbb64369bb7347a4fefab1a
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
  GetModuleHandleA
  GetProcAddress
user32
  GetDC
advapi32
  RegCloseKey
shell32
  ShellExecuteA
ws2_32
  gethostbyaddr
iphlpapi
  GetAdaptersInfo
wtsapi32
  WTSRegisterSessionNotification
oleacc
  LresultFromObject
gdi32
  SaveDC
winspool.drv
  OpenPrinterW
oleaut32
  VariantClear
Sections
.MPRESS1 Size: 280KB - Virtual size: 568KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 3KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 47KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE