Static task
static1
Behavioral task
behavioral1
Sample
376ab719c051ee289d51d6f06221fb1b.exe
Resource
win7-20231215-en
General
Target: 376ab719c051ee289d51d6f06221fb1b
Size: 186KB
MD5: 376ab719c051ee289d51d6f06221fb1b
SHA1: 44b69b9634a52bd5c7b965fff28c3e40f382c54c
SHA256: 721cbffa868bda5c877b29e4ffffccea6b679ec6b2b1e64eb24288dd8e7b62dc
SHA512: 3d7a37ede083586afb7c898a65a77cef6b90fe4f636a37b22ca1850726becae2651214737e9a19b480b68ce077ca0639baadd4f6fa6dc41e2010d4288a84ac46
SSDEEP: 3072:9EL0BKYFsRT5H7+Gnp1E47jNm+MRgidbx5gPwmD96RtE8TNlaLjbJKJV1aOU:W07sRT5HnNm+kx5gBD9StEogbJKJp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 376ab719c051ee289d51d6f06221fb1b
Files
376ab719c051ee289d51d6f06221fb1b.exe windows:4 windows x86 arch:x86
565d99d11872971fa09a134be76be5b9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeLibrary
GlobalAddAtomA
LoadLibraryExW
GetTickCount
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
EnumResourceNamesW
InterlockedCompareExchange
RtlUnwind
SetUnhandledExceptionFilter
FindClose
GetLongPathNameA
InterlockedExchange
Sleep
GetProcAddress
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
comdlg32
ChooseFontA
GetOpenFileNameA
ole32
CoCreateInstance
CLSIDFromString
CoTaskMemFree
StgCreateDocfile
setupapi
CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status
Sections
.text Size: 102KB - Virtual size: 241KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ