da14709e93b30f72e34c3e5cfd749c67f9f65208f49e8787d4344fed09f2edc8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da14709e93b30f72e34c3e5cfd749c67f9f65208f49e8787d4344fed09f2edc8
Size

1.9MB
MD5

eafc31b854b37bbbe4ca0e793bf28ad1
SHA1

be319e12844b43f276dd39e9fe4e804491d79f97
SHA256

da14709e93b30f72e34c3e5cfd749c67f9f65208f49e8787d4344fed09f2edc8
SHA512

fa21ab7a63b9910a830eee8fa33f88da975cd13d74578310f9eac837224a4691a0d6e2d4d055d467bd1f8fa64ad718152cc54e4233fd2228ebcd1caba3bf89de
SSDEEP

49152:lKNw0niNnuFScuFFFGwDU6arnwcVyxN6YmQV0ZeW+b:lKzi0FS9OwkrwcVyxrJb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da14709e93b30f72e34c3e5cfd749c67f9f65208f49e8787d4344fed09f2edc8

Files

da14709e93b30f72e34c3e5cfd749c67f9f65208f49e8787d4344fed09f2edc8
.exe windows:6 windows x64 arch:x64

a267797a454c3e511adf7ab26e650b48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

htons

winmm

joyGetPosEx

version

VerQueryValueW

comctl32

ImageList_Create

psapi

GetProcessImageFileNameW

wininet

InternetOpenW

shlwapi

StrCmpLogicalW

uxtheme

IsAppThemed

dwmapi

DwmGetWindowAttribute

user32

GetDC

gdi32

BitBlt

advapi32

RegCloseKey

shell32

DragFinish

ole32

CoGetObject

oleaut32

SafeArrayUnaccessData

Sections

.MPRESS1
Size: 1.8MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE