2d9873862917f4ba8c4bed5a56f505bd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d9873862917f4ba8c4bed5a56f505bd
Size

638KB
MD5

2d9873862917f4ba8c4bed5a56f505bd
SHA1

eaa273c0dd26b94724b0a313c0a924198245da18
SHA256

dda4676bce7ce997f0b2019ce8458b9375bdf58acec12a085ff0f9c6d31f6e16
SHA512

446600246423ec249ecc3a47ce593a786fb7b9080856bdb4fbc1edcb8104eb235a6182573681c29c8ed84029642fd1c2dde1fa1adb5ba79afbde58b8275980e5
SSDEEP

12288:Q0ECXILnhqp5DSOBNHNEdV2J9XQ6fq70Q6d/crSQUdW1zlXRPccpR7iDlNANf:Q0Kj0DbNySi6S70Q6CrSTAZ1Hiraf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9873862917f4ba8c4bed5a56f505bd

Files

2d9873862917f4ba8c4bed5a56f505bd
.exe windows:4 windows x86 arch:x86

b6cc939a4ed5cbfe0556331ffaeb116b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
WaitForSingleObject
GetTickCount
GetStdHandle
HeapReAlloc
GetConsoleCP
CloseHandle
GlobalUnlock
GetSystemDefaultLangID
VirtualProtect
GetModuleHandleA
TlsFree
GetVersion
lstrlenA
CompareFileTime
GetProfileIntA
AddAtomA
InterlockedExchange
WaitForMultipleObjects
HeapCreate
LoadLibraryExA

user32

GetMenuStringA
DestroyMenu
SetPropA
GetDlgItem
GetWindowTextA
EnableScrollBar
DispatchMessageA
TranslateMessage
SetWindowPos
ShowWindow
MessageBoxA
GetKeyboardLayout
FindWindowA
UpdateWindow
CopyRect
PaintDesktop
CreateCursor
ModifyMenuA
SubtractRect
CreateCaret
DialogBoxParamA
InsertMenuA
PostMessageA
GetKeyState
EqualRect

msi

MsiEnumClientsA
MsiDoActionA
MsiEnumProductsA
MsiGetMode
MsiCloseHandle

ws2_32

WSAAccept

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ