1ee0aa296aab2d595ca825fca8c6abe2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1ee0aa296aab2d595ca825fca8c6abe2
Size

320KB
MD5

1ee0aa296aab2d595ca825fca8c6abe2
SHA1

1e3830c3a5ec6c7b77a295c80f2d1b498a1446ec
SHA256

e5462be9c22427bda40adb633814d3b3906c43611588b52e39f180e9972fc4e2
SHA512

2d15531361796cc9ff61ef9505c172efcaa23c4e12a944bf3f49675a1e9262671c4a269234acfcaf9ab299644ae25828f5509cf82c93b0cb0d072af4ac65fc1b
SSDEEP

6144:IhGWR6WxfvPlAhyLXHFJYlEBVkg0s0/JgW+5d3+PpE2u1PiTfTCO:IoAtvqMXjYEnU/eW+5UpY6/CO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ee0aa296aab2d595ca825fca8c6abe2

Files

1ee0aa296aab2d595ca825fca8c6abe2
.exe windows:4 windows x86 arch:x86

05588e57095c95a8b798c90a6d14f640

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCurrentProcessId
GetACP
HeapCreate
GlobalSize
GetUserDefaultLCID
InterlockedExchange
FreeConsole
LoadLibraryA
GetSystemTime
VirtualProtect
WaitForSingleObject
IsDebuggerPresent
GetModuleHandleA
PeekConsoleInputA
HeapDestroy
GetCommandLineA
GlobalMemoryStatus
GetTapeStatus
ResumeThread
GetTimeFormatA

user32

FrameRect
AnyPopup
DrawTextA
CreateIcon
BeginPaint
SetForegroundWindow
FillRect
GetFocus
GetCursorPos
GetClassNameA
GetParent
DragDetect
GetDC
GetTitleBarInfo
wsprintfA
EndPaint
GetWindow
ShowWindow
ReleaseDC

ntshrui

SetFolderPermissionsForSharing
IsFolderPrivateForUser
GetNetResourceFromLocalPathA
GetLocalPathFromNetResourceA
IsPathSharedA

msutb

GetPopupTipbar

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ