2dabde98d2c2da3fb3bb16ee0be1d7f45d4205a866418f63d20e36f5aed2b8db | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2dabde98d2c2da3fb3bb16ee0be1d7f45d4205a866418f63d20e36f5aed2b8db
Size

14.1MB
MD5

f01a1ff0982e4b43736af870ab96114c
SHA1

ab3f88248e59f2c8bec0f3efafd51d6b69cc1e4a
SHA256

2dabde98d2c2da3fb3bb16ee0be1d7f45d4205a866418f63d20e36f5aed2b8db
SHA512

be4517d054938d5bdfdcab67beb2e0a48542f4e6fca5ba3e21f9f81e41b5302f03eb85100ef19efb889f1bad76c7602f8f2be45b76bea6e01fbcaa32e58b1c2b
SSDEEP

98304:wllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllP:

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dabde98d2c2da3fb3bb16ee0be1d7f45d4205a866418f63d20e36f5aed2b8db

Files

2dabde98d2c2da3fb3bb16ee0be1d7f45d4205a866418f63d20e36f5aed2b8db
.exe windows:5 windows x86

833f6dfe6cb94518e71dfd2a6d8e546b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
UpdateResourceA
GetProcAddress
lstrcpy
lstrcatA
GetFileType
AllocConsole
LoadLibraryA
CreateFileA
GetModuleHandleW
CopyFileExA
LoadLibraryExA
OpenJobObjectW
CreateMutexA
GetACP

rsaenh

CPEncrypt
CPDeriveKey
CPCreateHash
CPGenKey
CPDecrypt

shell32

SHFileOperationW
DragFinish
SHGetDesktopFolder
ShellAboutA
SHGetFolderPathW
DragQueryFileW
DllGetClassObject
StrStrA
SHGetDataFromIDListW
ShellMessageBoxA
ShellExecuteW

ctl3d32

Ctl3dGetVer
Ctl3dUnregister
Ctl3dCtlColor

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jdata
Size: 1024B - Virtual size: 981B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.1MB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ