57a817102990f365d3f0462a9f2eeb04 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

57a817102990f365d3f0462a9f2eeb04
Size

72KB
MD5

57a817102990f365d3f0462a9f2eeb04
SHA1

b9ee1c30f543fb35d50edb254563ca5f819b2b69
SHA256

7de63839dbdd081c47ab26a40247a5ef0427085abebc2ecd215899daa4ac663e
SHA512

9b77df61bf5076fa8206b01c25555114c539ca27474472b560fc581a5f1c66908249b85af53eee6264cb8c7ed6fe9298d29d31b59e17cc5b4d03ae0b06213eac
SSDEEP

1536:jIOTjgI9HqJKp1kHt1vYJUEbooPRrKKRSqBXP:dvLSK1kN1AJltZrpRS0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57a817102990f365d3f0462a9f2eeb04

Files

57a817102990f365d3f0462a9f2eeb04
.exe windows:1 windows x86 arch:x86

7ed2d43bce1ab712974c1dc0e83c76c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

comctl32

CreateStatusWindowW

gdi32

EndPage
EndDoc
AbortDoc
DeleteDC

comdlg32

PageSetupDlgW
FindTextW
ChooseFontW
PrintDlgExW

msvcrt

_XcptFilter
_c_exit
_exit

user32

PostMessageA
SendMessageA
SetWindowLongW
SetDlgItemTextA
SetWindowPos
SendMessageW
IsChild

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterDriverW

kernel32

ExitProcess
CompareStringA
LoadLibraryA
GetLocalTime
VirtualProtect
GetProcAddress
VirtualFree
GetFileSize
GetModuleHandleA
CopyFileA
VirtualAlloc
SleepEx

advapi32

IsTextUnicode
RegQueryValueW
RegCloseKey
RegEnumKeyExA

shell32

DragQueryFileW
DragAcceptFiles
DragFinish
ShellAboutW

Sections

.data0
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ