2e0f8049de6bb122266ffe09ba9275d0 | Triage

Sharing

General

Target

2e0f8049de6bb122266ffe09ba9275d0
Size

385KB
MD5

2e0f8049de6bb122266ffe09ba9275d0
SHA1

27c12bee483b6143d90033a80ff9c13f1f23f0c6
SHA256

98bcf293d65fed48017f6389e69e7a9274006a3ce23a2cc237f3804c5f0001b2
SHA512

fc197c81e86ebdd43f395b0c6910b873f34a83a1967abaf06dd5b9f04ed8c7b2c5c2662193b019db18c76a63ac54ab5a87fb57f424b25287d967a36e4f4509bd
SSDEEP

12288:Tw3AukDivh+rI0t76Fpzbged8B4kza0sxklVf9HoN:mAuRO4kza0qUVVIN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e0f8049de6bb122266ffe09ba9275d0

Files

2e0f8049de6bb122266ffe09ba9275d0
.exe windows:4 windows x86 arch:x86

e571081d0fd35825189d197f6fe4419e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
InterlockedIncrement
GetLocalTime
RtlUnwind
LocalAlloc
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
CreateEventW
HeapReAlloc
HeapAlloc
GetVersionExA
GlobalFindAtomA
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
FileTimeToLocalFileTime
ReadConsoleOutputCharacterA
GetPrivateProfileIntA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime

comdlg32

GetFileTitleA
PageSetupDlgA
ChooseColorA
GetOpenFileNameA
FindTextA
ChooseFontW
GetFileTitleW
PrintDlgA
ReplaceTextA
ChooseColorW
LoadAlterBitmap
ReplaceTextW
GetSaveFileNameA
GetOpenFileNameW
PageSetupDlgW
ChooseFontA
FindTextW
PrintDlgW

user32

SystemParametersInfoW
GetPriorityClipboardFormat
DefWindowProcW
EndMenu
EnumChildWindows
RegisterClassExW
EndDialog

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ