b1f392a3002796115389a26fcb3695d71df6986583b202891261d09724b3d915 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1f392a3002796115389a26fcb3695d71df6986583b202891261d09724b3d915
Size

13.1MB
MD5

d8bd1b677ae1e9c53f034e16edead3cb
SHA1

bb61b44da7debd8972344ad1518aba365b9977d8
SHA256

b1f392a3002796115389a26fcb3695d71df6986583b202891261d09724b3d915
SHA512

18b70ca4164e0e4224ca6f37e7db2dd4a5d7819f669769fc737960ec1a0265fc4d11b854881ef0e99aa01146715961b2f94231a75b39ff748a24662304eacbd8
SSDEEP

393216:6/8rMMRkHe1U3XOKA/w7FQC9HnCFUfAQlMmGzmUDn:604MqHe1UHOb/bKnsUfHMmUDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1f392a3002796115389a26fcb3695d71df6986583b202891261d09724b3d915

Files

b1f392a3002796115389a26fcb3695d71df6986583b202891261d09724b3d915
.exe windows:4 windows x86

982c785999a1ea50ee6ae4b03c387514

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

RegCloseKey

comctl32

ImageList_Add

gdi32

Pie

oleaut32

LoadTypeLib

shell32

DragFinish

user32

GetDC

version

VerQueryValueA

winmm

waveOutOpen

winspool.drv

OpenPrinterA

ws2_32

recv

comdlg32

ChooseFontA

ole32

OleInitialize

Sections

.MPRESS1
Size: 13.0MB - Virtual size: 35.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE