2d9e8c835ea97c5798499265c914abe0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d9e8c835ea97c5798499265c914abe0
Size

44KB
MD5

2d9e8c835ea97c5798499265c914abe0
SHA1

fcc0df37c81c14e38938ab80f908b624bb09ed89
SHA256

75f0b7c53fddf4c2177aa3b958e6ee38aa3ba5bd04e21fe1e9f888d0a53986b6
SHA512

063d3fddb9df872ebb4724985001ce380ad099d39375c793982e84e271a18af4f17730c1f2d09d0e6452a5ea6e39bf80d02efcfc84f690cf1a53d1126aa46960
SSDEEP

768:KUwYw1HtZkaRfpFAmKLd+5zY1G4vdhft07TRJ7BhT+S9kh0T:KbbkyTKLIx4nl0fX7BhTDkST

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9e8c835ea97c5798499265c914abe0

Files

2d9e8c835ea97c5798499265c914abe0
.exe windows:4 windows x86 arch:x86

a976982d176382809d78f932addacdaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateStreamOnHGlobal

kernel32

ReadFile
OpenProcess
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
WideCharToMultiByte
GetExitCodeProcess
WriteFile
lstrcatA
lstrcmpiA
lstrcpyA
LocalFree
Sleep

user32

SetActiveWindow
mouse_event
SetCursorPos
GetCursorPos
wsprintfA
GetWindowRect

advapi32

GetUserNameA
RegQueryValueExA
RegOpenKeyA
RegEnumValueA
RegEnumKeyExA
RegCloseKey

shlwapi

StrStrIA

shell32

ShellExecuteA

crypt32

CryptUnprotectData

twain_32

AboutDlgProc
ChooseDlgProc
DSM_Entry
WGDlgProc

wininet

CreateUrlCacheContainerA
CreateUrlCacheEntryA
FtpGetFileSize
FtpOpenFileA
FtpPutFileA

Sections

.data0
Size: 21KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data2
Size: 374B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ