04e7e21653c92e5a1cfd99cf698b7963 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04e7e21653c92e5a1cfd99cf698b7963
Size

1.5MB
MD5

04e7e21653c92e5a1cfd99cf698b7963
SHA1

fadc37c6a6eb0e79efe8d742f9a3cd69ccef2a6f
SHA256

30a747b6062a97fdb30d020da7cc3cecdbe8f29197830f1c29396241fd8eb694
SHA512

b1f5d76ef7a19cb2c3085bc14e60a8371fbc085f96a0124141a925a273be48b55bc12cfe508a8ff3eecb456e047d74b3ce39c87191e0aab64249d383020641f3
SSDEEP

24576:R/hSUFG/LHDPMYgIIRAetv0o79/55ZDtjNWvrSEfFYWLGJxcs94ivqQoFzsBFAQ:RJFKHDPgmYvJX+jnxLGJxb2ivqQoNYx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04e7e21653c92e5a1cfd99cf698b7963

Files

04e7e21653c92e5a1cfd99cf698b7963
.exe windows:4 windows x86 arch:x86

bcfc3ebcd90bd4631d65757853beb3bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetActiveWindow

gdi32

SelectPalette

winspool.drv

DocumentPropertiesW

comdlg32

GetSaveFileNameW

advapi32

RegisterEventSourceA

shell32

ExtractIconW

ole32

CoInitialize

oleaut32

VariantChangeType

oleacc

CreateStdAccessibleObject

comctl32

ImageList_GetIconSize

wsock32

gethostname

ws2_32

WSAEventSelect

Sections

.text
Size: 1.5MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE