0826079e672778e47402242ee520dc4e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0826079e672778e47402242ee520dc4e
Size

363KB
MD5

0826079e672778e47402242ee520dc4e
SHA1

b9bf9bee1f54ffb474d672e10cd644f4f089187a
SHA256

84e7e61dc60de784e6a4fce0dda20c8a73007c72601c47214c1b3f343dd123d3
SHA512

4edc2584f0ed32225f658f5bff92d9f9acafdb77d7de4357a386c008e99c4551939575ebd415d09fcf3bde71d2bb44853aebd94bd9415231d7a710db475ebaa6
SSDEEP

6144:4T854NgQwVsrvPSBHGeytGh0bgFfzDfpVdQbm1z4KVny1sRsjV7J1oyhuCrps:4TfOQwCjPS9GJGh+gt/D+bmZynV7mSps

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0826079e672778e47402242ee520dc4e

Files

0826079e672778e47402242ee520dc4e
.exe windows:4 windows x86 arch:x86

9427589dc87002a0113b27f27d121b94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetDriveTypeA
GetCommandLineA
GetDiskFreeSpaceExW
GetLastError
DeleteCriticalSection
VirtualProtect
CreateMutexA
GetExitCodeProcess
EnumResourceTypesA
ReleaseMutex
TlsGetValue
FreeConsole
LoadLibraryExW
FindClose
GetTickCount
CloseHandle
SetLastError
GetModuleHandleA
GetComputerNameA

shell32

DragFinish
SHFree
ShellAboutA
DllUnregisterServer
SHGetNewLinkInfo
DragAcceptFiles
SHGetDiskFreeSpaceA
ShellMessageBoxA
DragQueryFileA
SheChangeDirA
SHGetMalloc
SHGetSettings
StrChrA

printui

bPrinterSetup
bFolderGetPrinter
vQueueCreate
PnPInterface
bFolderRefresh

user32

MessageBoxA

Sections

.text
Size: 1024B - Virtual size: 628B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ