Static task
static1
Behavioral task
behavioral1
Sample
1d44e3a2c13c11d8657db2981d3cafa0.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1d44e3a2c13c11d8657db2981d3cafa0.exe
Resource
win10v2004-20231215-en
General
Target
1d44e3a2c13c11d8657db2981d3cafa0
Size
276KB
MD5
1d44e3a2c13c11d8657db2981d3cafa0
SHA1
9319d4f39dcc8ff8756c5c72417d00384308b1fb
SHA256
9336fb8902065b2e50f365ef2f9e6fa2fa894e3d931ea2da1c187e326cdf2630
SHA512
00fee93220a15c4d225cfc33454ea818355021168c63a0b075ee08ab3abcff541caa7a003a8cfa7291bd3a4de9f30c3b6639399812e5fce9f498cfa31c9c9a7a
SSDEEP
6144:NI4N1tJsKnwnZ+hlKfQQ2AF52aFzWSyhRf4xyi4Co1W9UeRvXgAT:NbHIfQQ2ArpWJh9ic1iU6ws
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1d44e3a2c13c11d8657db2981d3cafa0
Files
1d44e3a2c13c11d8657db2981d3cafa0.exe windows:4 windows x86 arch:x86
6d84d426acc3fe5ab031af64c49afb6b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathCombineW
UrlApplySchemeW
UrlGetPartW
UrlCombineW
UrlCanonicalizeW
PathAppendW
wtsapi32
WTSUnRegisterSessionNotification
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSRegisterSessionNotification
msimg32
TransparentBlt
kernel32
HeapFree
IsDebuggerPresent
GetStringTypeW
RtlUnwind
GetACP
LCMapStringA
VirtualAlloc
LoadLibraryA
GetStringTypeA
EnumResourceTypesW
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
ResetWriteWatch
GetCurrentProcess
LCMapStringW
InterlockedExchange
GetOEMCP
GetLocaleInfoA
oleacc
LresultFromObject
AccessibleObjectFromEvent
Sections
.text Size: 134KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ