040f6e0b5ef4d5ff80e8da67638919c3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

040f6e0b5ef4d5ff80e8da67638919c3
Size

1.3MB
MD5

040f6e0b5ef4d5ff80e8da67638919c3
SHA1

f0e5587ba407ccd26419a3049f1eee1fe1da8243
SHA256

e25b6b3e9ad0d4fc06fa96c4a4ff22dcfeaae7bc0cd2169d74d0880cb6e4a562
SHA512

ce15905c5b0c0a6fa40eb43fb767f4bbd68c36545266553f5e5ff87061d96489c49d1ec5f2ff63b44073cd4a371e3ce34101077816b601720d36e27292f4a2d5
SSDEEP

24576:sHNQqKwXWH7YOt1fg8PW2fmVIhP5JY7iI59AbA0/mseJE8DuhQIs3D7ETRq:syqtGD1fRhfmCnCd0f/reK8DuuFz7M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
040f6e0b5ef4d5ff80e8da67638919c3

Files

040f6e0b5ef4d5ff80e8da67638919c3
.exe windows:4 windows x86 arch:x86

0bc96b00fcbaff967e6e9e74ebb3a9c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

BeginPaint

gdi32

BitBlt

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA

advapi32

RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

shlwapi

PathIsUNCA

oleaut32

VariantInit

ws2_32

getservbyname

Sections

.text
Size: 1.3MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE