15338185f2edc42b6ba7ef2a16c3cf90[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15338185f2edc42b6ba7ef2a16c3cf90.exe
Size

3.1MB
MD5

15338185f2edc42b6ba7ef2a16c3cf90
SHA1

9141a5deba487ef7b33b9795b7744621f2a3550c
SHA256

8b797d5eb755101fbe821f125cfef241be994de6dd063b4e19216d8c545a87c4
SHA512

ddafc81789a295b5c69fcb2e69a0124681db27be76fa545d55f2556e2e3729a717dd76950f4f60ca4341575ecbe9f16e1b8b9d3a2cb75d958201c2de329dfbf1
SSDEEP

49152:aze8wAG8JM9gqjBg6O+s/R82KSvUOGJyDfKnMkUUBa2OBNDKHUnO4HBT:2NhPiBg6Of/R82KS0hnMkU52OBgHLC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15338185f2edc42b6ba7ef2a16c3cf90.exe

Files

15338185f2edc42b6ba7ef2a16c3cf90.exe
.exe windows:6 windows x86 arch:x86

6ea02e00483c90b3f210e2d517ab619a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetSystemMetrics

gdi32

CreateCompatibleBitmap

advapi32

RegCloseKey

shell32

SHGetFolderPathA

wininet

HttpOpenRequestA

gdiplus

GdiplusStartup

ws2_32

closesocket

Sections

.MPRESS1
Size: 3.0MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE