2b20d61f149d4c197a8e92a476fc174d | Triage

Sharing

General

Target

2b20d61f149d4c197a8e92a476fc174d
Size

408KB
MD5

2b20d61f149d4c197a8e92a476fc174d
SHA1

996b0b7e3355e5f6b74112b66c264fb233dcf5fc
SHA256

90f5e96e747629b564339e3d4f8adc95e751381cd8b0f176d05d292dc558901d
SHA512

e7cabeae236919a5f3dc7e154961634181f1e3b81a72589d5401e4ad745c6d6df8ce5baffbb7ae30f41b864ef7e0963758b1e150dc5fe7408c6f0c30e733b579
SSDEEP

12288:aR3St66LN2ekRs1ZV36p9fEqNxNYqjS4qmJhKji:aRStFN29yxqpVX1m4X/KO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b20d61f149d4c197a8e92a476fc174d

Files

2b20d61f149d4c197a8e92a476fc174d
.exe windows:49780 windows x86 arch:x86

c87da1eaf8d07bcac8d4c1ed75a77a6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
ExtTextOutW
CreateBitmap
PatBlt
CreateCompatibleDC

kernel32

FreeLibrary
ExitProcess
VirtualAlloc
GetCommandLineA
LoadLibraryExW
LocalFree
LoadLibraryA
MultiByteToWideChar
GetModuleHandleW
CreateFileW

user32

EnableMenuItem
GetWindowLongW
PostQuitMessage
SetDlgItemTextW
DispatchMessageW
GetDesktopWindow
EndPaint
MoveWindow
FindWindowW
MessageBoxA

advapi32

OpenThreadToken
AllocateAndInitializeSid
RegOpenKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 388KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ