23ebd223c4a129756126d18b83e2b816 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23ebd223c4a129756126d18b83e2b816
Size

165KB
MD5

23ebd223c4a129756126d18b83e2b816
SHA1

370d404c2e272b04ae8637d07286b9df67c0b375
SHA256

e02a6247b4f2222c641a1a5c8cae941a4f850494db38d9a92babde3029ead17a
SHA512

361dec713092d895411e2391a9aa1ea3d1e01bc3d2407244c04cf4fca3f724772cd68bb1f1b9dcd0d4c304ab81b48f3651f46210b8fb9034ad26775de1148805
SSDEEP

3072:3F/sioqVfIzPCf0J0SQkblBvBMG7Iua6qWSEsF+ljL4muQ4xC2gd+:3xsuficjervT7IuyWb4+WFv4+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23ebd223c4a129756126d18b83e2b816

Files

23ebd223c4a129756126d18b83e2b816
.exe windows:4 windows x86 arch:x86

4d89517640136f5186c7395aa6f7f87d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetWindowInfo
GetDC
GetAncestor
CreateWindowExW
MessageBoxW
LoadCursorW
RegisterClassExW
EndDialog

kernel32

lstrcpynW
TlsAlloc
CheckRemoteDebuggerPresent
TlsGetValue
EnumResourceTypesW
InitializeCriticalSection
TlsFree
TlsSetValue
GetStartupInfoA
GetFileType

winspool.drv

DocumentPropertiesW

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.apexi
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ