d400c7f7aa31b0a99ad30f0e3d67b6ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d400c7f7aa31b0a99ad30f0e3d67b6ab
Size

962KB
MD5

d400c7f7aa31b0a99ad30f0e3d67b6ab
SHA1

c9416f0b9d153ff6bda5b18b284ce0d6a0207396
SHA256

f32b92ac30f3b63d5b56d5cfa23c38369fc30b6b36ad355bbb6e6c252932dde3
SHA512

e2be5cbf784c441fe63709857c4468ebb3c08522afd5e1b6168923fcae236b86db1bdb7415a94b59ddc31b47a4305675345e9c2909653dc2e2009d2b04ef946b
SSDEEP

12288:WHjcoe9PH96vB/fAuBcm9TyOE/xG3muGx44MG4Yx:WDgINfAuBcgcZG2uG24MG4Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d400c7f7aa31b0a99ad30f0e3d67b6ab

Files

d400c7f7aa31b0a99ad30f0e3d67b6ab
.exe windows:5 windows x86 arch:x86

b36eb9a4c6fca2002f3fab21d6da4be8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

iphlpapi

GetAdaptersInfo

ws2_32

htonl

wtsapi32

WTSRegisterSessionNotification

Sections

.MPRESS1
Size: 438KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zz
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_READ