2468516bec25ac5e0fb242709e8bab34 | Triage

Sharing

General

Target

2468516bec25ac5e0fb242709e8bab34
Size

175KB
MD5

2468516bec25ac5e0fb242709e8bab34
SHA1

8f512b1dc9963eea4e1de3f77055a58a6e30e63f
SHA256

e14829cd24d64180d7bd0389740091d373b76aac3995085074f1f501a21a2076
SHA512

046a8ad7618453f9cf08562377d8d084b0ed6604911d0c5cf1dd7b70ba56549a2b2dc8141dfa4f1549a243213d61cf50d7ab34428a2f637f921f472c68208f83
SSDEEP

3072:Xx83mfg+7dEqAsAat/cGypxbhsco15WAyOfS/vOHfeN1lfHsqj:9liqnAUcJxNscofiyS/1Hv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2468516bec25ac5e0fb242709e8bab34

Files

2468516bec25ac5e0fb242709e8bab34
.exe windows:4 windows x86 arch:x86

8e25b485f3f31f9905b62a2c80ca97d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shlwapi

PathCombineW
PathFileExistsW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoRegisterClassObject
CoTaskMemRealloc
StringFromGUID2
CoRevokeClassObject
CoInitialize
CoCreateInstance
StringFromCLSID

user32

GetMessageW
KillTimer
wsprintfW
GetDC
SendMessageA
CharUpperW
PostThreadMessageW
CharNextW
TranslateMessage
SetTimer
DispatchMessageW
UnregisterClassA

oleacc

LresultFromObject
CreateStdAccessibleObject

kernel32

lstrcpyA
LockResource
WideCharToMultiByte
GlobalFree
GetProcessAffinityMask
GetACP
MultiByteToWideChar
InitializeCriticalSection
EnumResourceNamesW
lstrcpyW
OutputDebugStringW
GetCPInfo
lstrcpyA
lstrlenW
lstrcmpiW
GetTickCount
FreeEnvironmentStringsW
GetLastError
GlobalAlloc
FindClose
GetModuleHandleW

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.isete
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ