mesowv121+13tr[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mesowv121+13tr.exe
Size

3.0MB
MD5

775a339322a3705ad86c526aebc5e42b
SHA1

6332199ee7f235267fbf64c7eea983632545aff0
SHA256

dfc7a6dc0f3f5089d29751801241ffc1b4066c7ca5405f0382ff45e8194ed02c
SHA512

b09127b9704f2e9779172676f65d2ee205c49400083278da2ca2710913f52d2a890688331557e49140a3cb149347d7c05404e01645554ad11c909061ea30a37f
SSDEEP

49152:gkmdvhwj5r/AjYbiEk4w8z6jARqlov0o+p3kB2ovSDib4QsXed3wDsMM0rir:EvajtriBFAMO0lp0so6gPKe1W3ir

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mesowv121+13tr.exe

Files

mesowv121+13tr.exe
.exe windows:6 windows x64

1734ea0a584c9857d44f3001af4838d5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

PlaySoundW

winspool.drv

ClosePrinter

comdlg32

FindTextW

comctl32

ImageList_Add

shell32

ShellExecuteW

user32

GetDC

version

VerQueryValueW

oleaut32

VariantInit

advapi32

RegLoadKeyW

msvcrt

memcpy

ole32

IsEqualGUID

gdi32

Pie

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.MPRESS1
Size: 2.7MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE