2e9809bcb3190dc8fac54da7ea062bda | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e9809bcb3190dc8fac54da7ea062bda
Size

912KB
MD5

2e9809bcb3190dc8fac54da7ea062bda
SHA1

356a29c619bd71c9ad3988ed50d3306d4b52e7a6
SHA256

77e71fe8ef8491a5f5980b8cadcae8254f064f697dd6d1c9be4abb1c2768848e
SHA512

008f1727f3cc9a8c57a9fc9934b253a25f2a2675494abb3273e84821609c1542d47da3e015cf5d9c7999faa8dd97c917567b566a674853d87f508e87da507a34
SSDEEP

24576:YeRy/lyPe/eNfAvEXY4Fg68DOtV8f9NpVtP/kBNpjg8i:YeRyUPeWhAMXTUDOP8fHpLPH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e9809bcb3190dc8fac54da7ea062bda

Files

2e9809bcb3190dc8fac54da7ea062bda
.exe windows:4 windows x86 arch:x86

cb4fd6027044d9e7d3aa9821424902ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrcpyW
GetFileTime
LoadLibraryA
OpenMutexW
FindResourceW
VirtualAlloc
VirtualProtect
GetModuleHandleA

shell32

ShellExecuteExW

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegCloseKey

comctl32

_TrackMouseEvent

shlwapi

SHDeleteKeyW
SHDeleteValueW

user32

MsgWaitForMultipleObjects
ExitWindowsEx
GetWindowTextA
GetCursorPos
GetDlgItem
GetClipboardData
DispatchMessageA
GetKeyboardState

msimg32

AlphaBlend

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE