f6e999dd820b169a66a0d1488585ed25b89c5caf4a93e7bb041f07df50e96163 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6e999dd820b169a66a0d1488585ed25b89c5caf4a93e7bb041f07df50e96163
Size

9.1MB
MD5

e6b50f64c36561d83f86cd04764d845e
SHA1

640d971f9a89b8e786ebc3d2080efabb5a258cc1
SHA256

f6e999dd820b169a66a0d1488585ed25b89c5caf4a93e7bb041f07df50e96163
SHA512

3ab64bd76fa79521ce3beb948a298938a9585a39726274cb81f81a5ec36f4dafea09575f2ce07690632188d68cb999c3f9f3f225ac4a40aeb8762d3fbba854e5
SSDEEP

196608:RPjX3rFwkixJNbAnqhXw3Z8+DgoBZVMK0NTkxJydQkSssQdnSEemlAOH:RPTKxJNv4/DgofefNoje3vnSzUAOH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6e999dd820b169a66a0d1488585ed25b89c5caf4a93e7bb041f07df50e96163

Files

f6e999dd820b169a66a0d1488585ed25b89c5caf4a93e7bb041f07df50e96163
.exe windows:5 windows x86 arch:x86

2e319400b12556a8faa93c71e1cc91dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsZoomed

gdi32

CreateCompatibleBitmap

msimg32

TransparentBlt

winspool.drv

ClosePrinter

advapi32

RegQueryValueA

shell32

SHGetPathFromIDListA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA

uxtheme

DrawThemeText

ole32

DoDragDrop

oleaut32

DispCallFunc

oledlg

ord8

winmm

PlaySoundA

gdiplus

GdipCreateFromHDC

oleacc

AccessibleObjectFromWindow

imm32

ImmReleaseContext

Sections

.text
Size: 9.0MB - Virtual size: 14.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE