1ec3af0dde13075d817e2c9d082013d8 | Triage

Sharing

General

Target

1ec3af0dde13075d817e2c9d082013d8
Size

102KB
MD5

1ec3af0dde13075d817e2c9d082013d8
SHA1

aed1dc19581ce93f7804c20651de175930fee152
SHA256

73ebca6309f308e1e900aa792c4e1b085271bcd270f3032a2c1d00d725d428e2
SHA512

f5fe41e2be5ce6f1f171f791a730530cfa9b95a36184779e816972a50bec95cca0115f18db14341c875a3c2857d492fcb9da6af2a9a19a19541d5d3c7d592a48
SSDEEP

3072:yynD+rtpSEeM+GJ4PIofivdyc58CeSct:yjrLJeM+vTavl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ec3af0dde13075d817e2c9d082013d8

Files

1ec3af0dde13075d817e2c9d082013d8
.exe windows:4 windows x86 arch:x86

bdfa4a77d59d44fb6cc9ea53793a40dc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderLocation
SHGetFolderPathA
SHGetFileInfoA
DragQueryFileA

kernel32

ExitProcess
HeapFree
ExitThread
GetCurrentProcess
GetModuleHandleA
CreateEventA
VirtualAllocEx
GlobalAlloc
GetModuleHandleW
GetCurrentProcessId
ReadFile
MoveFileExA
InitializeCriticalSection
GetVersion
LoadLibraryA
LoadLibraryExA
GetCommandLineA
CompareStringA
GetProcAddress

user32

DrawIcon
SetTimer
CallNextHookEx
MsgWaitForMultipleObjects
SetCursor
SendMessageW
EnableScrollBar
DestroyIcon
EnableWindow
DestroyCursor
MapWindowPoints
GetWindowLongA
SetWindowLongW
EqualRect
DispatchMessageW
GetCapture
UnhookWindowsHookEx
MessageBoxA
SetCapture
CallWindowProcA
GetSysColorBrush
ClientToScreen
SetScrollInfo
GetWindowPlacement
IntersectRect
IsDialogMessageW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ