2efa2c2dc3b2f1e0deaf677a5a6571db | Triage

Sharing

General

Target

2efa2c2dc3b2f1e0deaf677a5a6571db
Size

1.1MB
MD5

2efa2c2dc3b2f1e0deaf677a5a6571db
SHA1

2112732e7426db078be8c347d57a0733762ea631
SHA256

ca8de1b1be0b7934bbcd6995b6e4fd68ff1d210518a04ef5c3377100c8cc11c6
SHA512

b75619b0a05b7cba7c1e0277359608731efd23322e6c920ffc191382e9f2e52ece1e6f9ed042c058baad3d8d19b59c2131223e8c9daa8eb98525622644b5cbd8
SSDEEP

24576:K3vQkL7xsxgDSGyEEWdMe7vHz+ZiY63dt:4D2l7EV/qZi93r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2efa2c2dc3b2f1e0deaf677a5a6571db

Files

2efa2c2dc3b2f1e0deaf677a5a6571db
.exe windows:6 windows x86 arch:x86

c9da529290104fd70c9bbfda9291b8e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

activeds

ADsEncodeBinaryData
ADsEnumerateNext
AllocADsStr
AdsTypeToPropVariant2
PropVariantToAdsType
ADsBuildVarArrayInt
ADsFreeEnumerator
SecurityDescriptorToBinarySD
FreeADsStr

shell32

DragQueryFile
ILClone
RealDriveType
RestartDialogEx
OpenRegStream
ILIsEqual
CDefFolderMenu_Create2
DragQueryPoint
DAD_AutoScroll
RegenerateUserEnvironment
Options_RunDLL
ExtractIconEx
PrintersGetCommand_RunDLLA
PifMgr_OpenProperties
ILFindLastID
DAD_DragEnterEx
PathMakeUniqueName
ExtractAssociatedIconA
DriveType
PifMgr_SetProperties

kernel32

ExitProcess
ReadFile
UnmapViewOfFile
GetFileAttributesA
VirtualAlloc
WaitForSingleObject
CloseHandle
LeaveCriticalSection
CreateFileA
FileTimeToDosDateTime
GetVersion
GetCurrentThreadId
MapViewOfFile
CreateFileMappingA
GetProcessHeap
SetFilePointer
WriteFileEx
GetFileTime
EnterCriticalSection
WriteFile
VirtualFree
InitializeCriticalSection
CopyFileA

Sections

.text
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrcs
Size: 416KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ