221ba4953a7f9d613d987b8dba2a4005 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

221ba4953a7f9d613d987b8dba2a4005
Size

1.2MB
MD5

221ba4953a7f9d613d987b8dba2a4005
SHA1

736f995941ebee3f1fc8cf028c43699254691e7e
SHA256

f7a432d389ba976a001ac1bed85f2ee62c60f85554ed53f83e15afa2049a421a
SHA512

802526c27f5832fcd5e68287b7be589a9e2ecb9c5099f9634259a48e395e5c6ff33debbec9e7b01d8a4315d5f3567c82d586883ed4ad9c4508041f643960c4ca
SSDEEP

12288:OhjR81E6g60wT0KklMRJM8aqsuOpHvXQSQGazD1w0bY8Cb7vykEI7QL1RlUOT9EB:sj5wT/kl4JMgsuOpHvAXG6/sQL7lU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
221ba4953a7f9d613d987b8dba2a4005

Files

221ba4953a7f9d613d987b8dba2a4005
.exe windows:4 windows x86 arch:x86

308b044ba2ea38d1fceed185f3471e09

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
GetCurrentThread
GetProcessId
ReadFileScatter

ole32

CoGetCurrentProcess
CoFreeUnusedLibraries
CoFileTimeNow
CoGetCurrentLogicalThreadId
CoCreateGuid
OleInitialize
OleUninitialize
CoGetContextToken

msimg32

vSetDdrawflag

winmm

midiInGetID

Exports

Exports

CreatePaint

Sections

.text
Size: 860KB - Virtual size: 860KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 82.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wqxj
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xirw
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ