afdfdb1f17bc9dbeb846a309c5896786fac7387e7857c031c234b348909f1bd5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afdfdb1f17bc9dbeb846a309c5896786fac7387e7857c031c234b348909f1bd5
Size

8.9MB
MD5

9f92647fe794b4254831cf5720a48ac6
SHA1

725f0cb8d227b9ed6a1f657c086e2db16912e6a1
SHA256

afdfdb1f17bc9dbeb846a309c5896786fac7387e7857c031c234b348909f1bd5
SHA512

e5aca2464d83609ce87b5114f91a71321e0fb554f215062fc0c1087f906ee30630fd8b3dbc62ff33392b87ff7ee508133d4706044d29872c538d6420de430af3
SSDEEP

196608:Z/SgY3yyG2PryiQWHiD+d+XJJznZrsNi6P8ulhQBSs7hA1:VaiyBr5bCid+X7znxsNtId7u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afdfdb1f17bc9dbeb846a309c5896786fac7387e7857c031c234b348909f1bd5

Files

afdfdb1f17bc9dbeb846a309c5896786fac7387e7857c031c234b348909f1bd5
.exe windows:5 windows x86 arch:x86

5b39b0d754ea790e411c964ce91fb8e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

TrackPopupMenu

gdi32

CreateFontIndirectA

msimg32

AlphaBlend

winspool.drv

ClosePrinter

advapi32

RegCreateKeyExA

shell32

SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA

uxtheme

GetWindowTheme

ole32

CreateOleAdviseHolder

oleaut32

OleCreateFontIndirect

oledlg

ord6

winmm

PlaySoundA

gdiplus

GdipCreateFromHDC

oleacc

AccessibleObjectFromWindow

imm32

ImmReleaseContext

Sections

.textbss
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 8.8MB - Virtual size: 18.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE